Buyers of iPhone apps have little idea what information or functions their apps will access. Google's Play Store shows what information and functions an app will access -- but the choice is all or nothing. Older versions of the BlackBerry OS gave users more freedom to choose which APIs (application programming interfaces) they would allow an app to access, at the risk of breaking the app, but in BlackBerry 10 that granular control is available only for native apps: For Android apps the choice is once again take it or leave it.
Apple is taking baby steps toward giving users that kind of control. In iOS 5 they could prevent individual apps from accessing their location, and in iOS 6 they will have another option as Apple seeks to wean developers off using the UDID to identify users and target advertising.
Instead, Apple wants developers to use the Advertising Identifier it introduced in iOS 6. This is not permanently associated with a phone or person, and users who don't want to be tracked can change it whenever they wish -- as long as they think to look in Settings/General/About/Advertising rather than the more obvious Settings/Privacy.
That option wasn't available to the participants in the CNIL-INRIA study, though, which for technical reasons was conducted using iOS 5. The next phase of research will use iOS 6, now that INRIA has updated its monitoring app to use the new version.
To monitor how the apps accessed private information, INRIA had to jailbreak the iPhones and install a special app to intercept the Apple APIs through which apps request access to private information, said INRIA researcher Vincent Roca. The researchers chose to work on iPhones because they already had experience developing for iOS. They are now developing an app with similar capabilities for Android phones, which they have to root in order to install it.
INRIA's monitoring app recorded each intercepted request in a database on the phone, along with the private information requested, so that it could identify it in outbound network traffic. The iOS 5 app could only monitor unencrypted network traffic, but the version for iOS 6 can now hook the network APIs before the traffic is encrypted, Roca said.
The app also forwarded intercepted requests to a central server for the study -- without the related private information, as even experimental subjects are entitled to their privacy, the researchers emphasized.
INRIA and CNIL are only just beginning to analyze the data they collected from the six iPhones: There's 9 gigabytes of it, covering 7 million privacy events over the three-month period.