Last week, IT Business Edge blogger Carl Weinschenk spoke to Will Enck, a Penn State University Ph.D. candidate whose study revealed that Android mobile applications are often sending sensitive user information to surprising places. For instance, Enck said:
Of 30 applications, 15 were sharing location information with an advertisement server... [S]even applications were sending International Mobile Equipment Identifier information to a remote server without the user's knowledge... We also found two applications sharing the phone number and different subscriber identifiers.
Though Enck would not speculate as to whether such information was collected and shared intentionally, he did indicate that the researchers did not expect to find the applications using sensitive information in the ways it was being used. Understandably, those who own the phones and downloaded the apps would be even less likely to expect their information to be used in those ways.
And apparently, mobile apps aren't the only culprits. A recent study conducted by The Wall Street Journal found that some of Facebook's most popular applications also send sensitive user information to third parties, regardless of how users have configured their Facebook privacy controls. According to a Facebook spokesperson quoted in the WSJ piece, "A Facebook user ID may be inadvertently shared by a user's Internet browser or by an application," but that doesn't mean the third party then has access to the user's information.