The Wall Street Journal has rigorously tested 101 of the most popular apps on both iOS and Android to monitor the personal information they collect and send over the internet. The test was done to determine how private your personal data actually is when trusted to 3rd party apps.
The Journal hired a technology consultant, David Campbell, to analyze the apps. Mr. Campbell is a principal at Electric Alchemy in Denver, which specializes in software security.
Mr. Campbell disabled the phones’ cellular service and forced all the data traffic through a Wi-Fi connection, where it could be collected and analyzed. He used an open-source tool called “Mallory” to decrypt encrypted data.
The website has an interactive database that graphs the applications and outlines what types of information they are phoning home. It’s not at all meant to scare users into wearing a tinfoil hat, just make it known that we really are putting an awful lot of trust into these applications, even though we don’t know how it may be used.
For example, TextPlus transfers your contacts, phone number, phone ID, age, gender, username and password over the network—but, due to the nature of the app, it legitimately needs access to this information. On the other hand, if something like a flashlight app needs your location—you know something isn’t right, and that it may be selling your information to marketers.