Jailbreak Apps More Secure Than Apple-Approved Apps with Less Chance of Data Leak: Study
A table from the study shows how frequently authorized App Store and unauthorized Cydia iOS apps leak private information. Credit: UCSB

Many people tend to believe that jailbreak apps (not authorized by Apple) are not secure enough to use compared to the ones available in the Apple app store. If you are one of those, here's a surprising update for you - the popular, yet unauthorized, jailbreak apps have more respect for your privacy than those apps boasting Apple's approval, a recent study revealed.

Last week, Internet exploded after blogger Arun Thampi revealed in his blog post that iPhone app Path sends all information in users' address book to its servers as a plist upon registering for the service. Thampi's revelation simply authenticated the fact that Apple's extra-cautious approach to third-party apps isn't as protective as it appears to be.

Now, the aforementioned study, reported by Forbes, has brought even more pain to the App Store apps saying applications on the Cydia store for jailbroken iOS devices are less likely to leak users' private data than the Apple-approved apps.

The study (PDF here) by a research team at the University of California and the International Security Systems Lab was conducted to analyze how and where iPhone apps transmit users' private data. At the end of their study, researchers ended up with two shockers:-

  • One in five free App Store applications purposely uploads private data back to the developers that could potentially identify users and allow profiles to be built of their activities.
  • Jailbreak apps in Cydia store tend to leak private data far less frequently than Apple's approved apps.

The researchers built a tool called PiOS that can analyze iOS apps for private data leaks. The tool was run on 1,407 free apps - 825 apps from the App Store using the website App Tracker, and 526 apps from Cydia's repository the BigBoss.

A table from the study shows how frequently authorized App Store and unauthorized Cydia iOS apps leak private information. Credit: UCSB

The findings showed that out of the 825 free App Store applications tested, 170 apps (21 percent) uploaded the user's Unique Device Identifier (UDID), a series of user-specific digits that can be tracked between apps to assemble a profile of a specific person's behavior, 35 apps (4 percent) uploaded the device location via GPS and 4 apps (0.5 percent) uploaded the user's address book.

When it came to unauthorized Cydia apps, only 25 apps (4 percent) tested leaking the UDID identifier, with only one application tracking the user's location and address book data. The one application, which tracked location, was actually called MobileSpy, specially designed to do just that.

According to a Redmond Pie report, one possible reason for jailbreak apps outshining official app store apps over security concerns is that people who create software for jailbroken devices are more in tune and conscious of app security concerns.

The jailbreak creators have to overcome Apple's own security to actually perform a jailbreak so therefore it is logical to accept that they will have an in-depth knowledge of this, the report stated.

Cydia's creator Jay Freeman even said that there are numerous applications available via the app directory for jailbroken devices that actually give users privacy and security features they wouldn't otherwise have. Freeman himself developed an app called PrivaCy that offers a toggle switch that allows users to control whether any particular app can upload usage statistics to a remote server.

Forbes quoted Freeman as saying:

If you care about this kind of thing, you should jailbreak your phone, says Freeman. Instead of Apple making decisions about what's good and bad, you decide. People think jailbreaking is about deciding that things Apple doesn't like are good. But it also allows you to decide that things Apple likes are bad. We provide you the tools to block the functionality you don't believe apps should have on your phone.