Lookout Inc., a mobile-phone security firm, scanned nearly 300,000 free applications built for Apple's iPhone and Google's Android smartphones. "It found that nearly a quarter of iPhone apps and almost half Android apps contained software code that secretly pull sensitive data off users' phones and ship them off to third parties without notification." The data can include full details about users' contacts, their pictures, text messages and Internet and search histories. 3rd parties can include advertisers and companies that analyze data on users.
The code had been written by 3rd parties and inserted into apps by the developers, usually for a specific purpose, such as allowing apps to run ads. But the code winds up forcing app to collect more data on users than even developers may realize, Lookout executives said. "We found that not only users, but developers as well, don't know what's happening in their apps, even in their own apps, which's fascinating," said John Hering, CEO of the San Francisco-based Lookout.