May 12th, 2011
The Privacy Risks of ID Codes in Your Apps
The Wall Street Journal
New research into the unique phone identifiers on smartphones suggests potential privacy risks in the way some application makers handle the codes.
The identifiers — long strings of numbers and letters associated with the phone — don’t themselves hold any information about users. But the researcher, Aldo Cortesi, found that a mobile-gaming company connected the IDs to users’ locations and Facebook profiles, and then made the combined data available to outsiders.
Mr. Cortesi said the gaming company, OpenFeint, fixed the Facebook and location issues after he contacted the company about a month ago. California-based OpenFeint provides a gaming network that has more than 75 million registered users across more than 5,000 games, according to the company. Mr. Cortesi described his findings in a blog post last week.
OpenFeint did not immediately respond to a request for comment.
The biggest risks from OpenFeint may have been resolved, but the study raises questions about the way app makers and their partners handle the phone identifiers.
The Wall Street Journal found in a study last year that 56 of 101 popular smartphone apps passed one or more unique device IDs to other companies. That included three apps – The Moron Test and Ninjump on Apple Inc.’s iPhone and Fruitninja on Google Inc.’s Android platform – that passed device IDs to OpenFeint. Moron Test and Ninjump also transmitted data about the location of the phone to OpenFeint.
Read more: http://blogs.wsj.com/digits/2011/05/11/the-privacy-risks-of-id-codes-in-your-apps/?mod=WSJBlog&mod=