Few devices know more personal details about people than the smartphones in their pockets: phone numbers, current location, often the owner’s real name—even a unique ID number that can never be changed or turned off.
These phones don’t keep secrets. They are sharing this personal data widely and regularly, a Wall Street Journal investigation has found.
An examination of 101 popular smartphone “apps”—games and other software applications for iPhone and Android phones—showed that 56 transmitted the phone’s unique device ID to other companies without users’ awareness or consent. Forty-seven apps transmitted the phone’s location in some way. Five sent age, gender and other personal details to outsiders.
The findings reveal the intrusive effort by online-tracking companies to gather personal data about people in order to flesh out detailed dossiers on them.
Among the apps tested, the iPhone apps transmitted more data than the apps on phones using Google Inc.’s Android operating system. Because of the test’s size, it’s not known if the pattern holds among the hundreds of thousands of apps available.
Apps sharing the most information included TextPlus 4, a popular iPhone app for text messaging. It sent the phone’s unique ID number to eight ad companies and the phone’s zip code, along with the user’s age and gender, to two of them.
Both the Android and iPhone versions of Pandora, a popular music app, sent age, gender, location and phone identifiers to various ad networks. iPhone and Android versions of a game called Paper Toss—players try to throw paper wads into a trash can—each sent the phone’s ID number to at least five ad companies. Grindr, an iPhone app for meeting gay men, sent gender, location and phone ID to three ad companies.
“In the world of mobile, there is no anonymity,” says Michael Becker of the Mobile Marketing Association, an industry trade group. A cellphone is “always with us. It’s always on.”
iPhone maker Apple Inc. says it reviews each app before offering it to users. Both Apple and Google say they protect users by requiring apps to obtain permission before revealing certain kinds of information, such as location.
“We have created strong privacy protections for our customers, especially regarding location-based data,” says Apple spokesman Tom Neumayr. “Privacy and trust are vitally important.”
The Journal found that these rules can be skirted. One iPhone app, Pumpkin Maker (a pumpkin-carving game), transmits location to an ad network without asking permission. Apple declines to comment on whether the app violated its rules.
Smartphone users are all but powerless to limit the tracking. With few exceptions, app users can’t “opt out” of phone tracking, as is possible, in limited form, on regular computers. On computers it is also possible to block or delete “cookies,” which are tiny tracking files. These techniques generally don’t work on cellphone apps.