Apple has always been known to heavily curate their App Store, like Walmart, while the jailbroken alternative, Cydia, has always been looked at as more open, like a market. It turns out, however, official App Store apps may leak your data far more than their unapproved, jailbreak counterparts.
An on-going study by the International Security Systems Lab and the University of California at Santa Barbara reveals some startling information about apps that leak your private data to their developers. The most surprising part of this survey for many may be the fact that jailbroken apps actually leak your personal data far less often than their Apple-approved counterparts.
Using a tool named PiOS, USCB took a sample of 825 free apps from the official App Store and 526 free apps from the Cydia repository, Big Boss, the largest and most popular of all the repositories available. What they discovered may make people rethink their bad connotation about jailbreaking.
- 21% of official App Store apps leaked some kind of personal data to their developers
- Only 4% of jailbroken apps sent personal data to developers
The most common form of data leaked was the user's device UDID. This is not something I'd say users should be specifically concerned with. Your UDID number identifies your individual device. It's most likely what Apple uses to build user profiles and gauge your interests in order to offer you more relevant iAd information or App Store recommendations.
Further, official apps leaked location and address book information more often. One official app also revealed your actual phone number to the developer. No jailbreak apps gave developers access to your phone number and only one gave access to your address book and location data.
In the past jailbreak developers have developed patches for security exploits before Apple addressed the issue. Cydia also plays host to several apps that actually provide jailbreakers more control and protection over their private data than what iOS offers stock.
Jailbreak apps such as PrivaCY, developed by Cydia creator Jay Freeman, actually gives user a toggle that will block apps from uploading private data and usage statistics to remote servers. After it was discovered that Path was transmitting user's address books, Ryan Petrich created a jailbreak apps called ContactPrivacy which warns users when an app is trying to access data.
Jay Freeman thinks jailbreakers are concerned with their data and privacy even more so than stock users (that's probably true) -
“If you care about this kind of thing, you should jailbreak your phone,"
"Instead of Apple making decisions about what’s good and bad, you decide. People think jailbreaking is about deciding that things Apple doesn’t like are good. But it also allows you to decide that things Apple likes are bad. We provide you the tools to block the functionality you don’t believe apps should have on your phone.”
The difference may simply lie in the user base. Anyone who decides to jailbreak is pretty much classifying themselves as a power user. These users don't want Apple to make decisions for them. Beyond that, they greatly care about their data and security.
Over 10 million users are currently running jailbroken iOS devices. They have more options when it comes to protecting their privacy and user data than the millions of devices that aren't jailbroken. Many users have a negative connotation when it comes to jailbreak. Yes a jailbreak uses an exploit in the device to inject code that Apple doesn't let you run by default. But keep in mind these security holes are already present, stock or not.
What you decide to download from unofficial sources like Cydia after jailbreaking lies strictly with you. Could jailbreak leave your device open to malware attacks? Sure. But only if you're downloading packages that contain malware. Reading release notes and making sure you know what you're downloading eliminates 99% of these problems.
And again, most users that seek jailbreak are a bit more technologically inclined. They know what they're downloading and what they should stay away from.
Whether you are #TeamJailbreak or #TeamPure, does it surprise you that official apps leak more data than their unauthorized counterparts? Has any of it made you rethink any negative opinions you have about jailbreaking?