Internet security firm Bitdefender’s Clueful web app is a great tool for finding out how apps use data and treat your privacy in a very easy to use format.  The app allows you to search for free iOS apps and lists the Top Free Apps, Top Offenders and Just Analyzed apps.  Clueful gets privacy details from the Bitdefender cloud and the database is constantly increasing with thousands of apps added every day.  Users have the ability to ‘Suggest an app’ for analysis through a link on the page and can rate apps and leave comments.

Clueful’s clues let you find out:
Which apps access or even upload your own address book contacts to their cloud
Which apps can learn your real identity
Which apps might be carelessly sending your passwords over the internet and putting your accounts at risk
Which apps use and upload your UDID (Unique Device ID) to analyze what you do
Which apps can read your personal or business calendars
Which apps gather analytics in order to monitor you
Which apps can track your location
Which apps display ads
Which apps drain your battery through their improper use of background services, such as GPS or audio services

The top offender with the most clues is Countdown!! (with Facebook Event Countdowns) by Sevenlogics, Inc. The app is a countdown to special days, such as birthdays and vacations.

Clueful shows that the app:
Encrypts stored data
Can display ads
May drain battery tracking location
Can change your calendar
Uploads your UDID (sends your phone’s Unique Device ID to a remote server, unencrypted)
Could track your location
Connects to Twitter (So you can share content with your friends or can be logged in to app services using Twitter credentials)
Tracks usage (Medialets analytics), ads
Tracks usage (Flurry Analytics, used to display ads and gather data about your behavior such as the app in use, unique iPhone identifier, locale, city, gender and birth month), ads
Tracks usage (Google Analytics)
Can read your address book
Connects to Facebook
Uses your iPhone’s unique ID

Interestingly, NBC’s app was also a top offender, with seven clues.
Uses your iPhone’s unique ID
Connects to Facebook
May drain battery tracking location
Sends unencrypted username
Encrypts stored data
Uploads your UDID
Can track your location

For the Android market, Bitdefender has a Clueful Beta app.

Posted in Internet Resources | Leave a comment

If you would not download just anything off the internet, why would you download apps to your phone without doing any due diligence? It is important to use the same caution when downloading mobile apps as you would with clicking on unknown email or internet files.

Downloading a file or program from a known company’s website is generally safer than a random unknown site.  However when it comes to apps and mobile privacy that is not always the case.  You should exhibit the same caution to protect your privacy regardless of the apps’ popularity or size of the brand.

Delta Air Lines, Inc. was sued in December 2012 for not complying with California’s law requiring privacy notices in all apps. Despite receiving a warning letter with a 30-day cure period, Delta did not take action, which resulted in California Attorney General Kamala Harris filing suit.

Delta’s mobile app called “Fly Delta” reportedly collected the person’s name, phone number, birth date, email address, frequent flyer number and pin code, billing information, photo and geo-location data allegedly without the customer knowing how the data is collected or used by Delta.

The suit against Delta (People v. Delta Air Lines Inc., in California Superior Court, San Francisco, 12-526741) is the first under the 2004 law, California’s Online Privacy Protection Act, which requires companies to release a privacy policy and give users the opportunity to read their policy prior to downloading an app that collects personal information from users. Delta could potentially face fines up to $2,500 for each time the app was downloaded.

Delta is not the only large company whose app has gotten attention for privacy concerns. Researchers at the Carnegie Mellon University Human-Computer Interaction Institute studied the data gathered by the top 100 most popular apps in Google’s Android App Store. Over half (56 out of 100) of the apps collected location information, device identifiers and/or contact lists, without users knowing their data was taken or how it may be used.

The top 10 worst offenders for privacy and transparency are (in no ranking order):

Angry Birds game (device ID, location)
Backgrounds HD Wallpapers (device ID, contacts)
Brightest Flashlight (device ID, location)
Dictionary.com (device ID, location)
Horoscope (device ID, location)
Mouse Trap game (device ID)
Pandora Internet Radio (device ID, contacts)
Shazam music (device ID, location)
Talking Tom virtual pet (device ID)
Toss It game (device ID, location)

Posted in Internet Resources | Leave a comment

Do you want to read every text message, listen in on every phone call, see every video and picture on someone’s phone without them having a clue? There’s an app for that!
Are you interested in stalking someone? There’s an app for that!
Do you like to watch unsuspecting people around the world? There’s an app for that too!

There truly is an app for everything and here is our list of the creepiest and most intrusive apps.

Stealth Genie
This cell phone spy app, marketed for “parental controls,” is undetectable on iPhone, Android and Blackberry devices; however, it can be downloaded by anyone to spy on any phone. There are packages according to price and level of spying, and all packages come with the ability to read all incoming and outgoing SMS messages, call history, all contacts, browsing history, real-time location tracking and location history of the phone. Upgraded plans include the basic plan options and also allow the user to record a phone’s surroundings up to 15 feet, access emails, view pictures and videos, back up and delete all data, and view installed app logs and iMessage/Blackberry Messenger/WhatsApp chats. On Android phones the platinum plan allows the user to record phone calls.

Creepy
Desktop geo-location application enables the user to search for someone by their screen name (Flickr and Twitter) and will produce a map listing the history and location of their posts.  The app shows a map with pins of each location, the longitude and latitude as well as time of post.  It will only work if the person you are searching for has enabled location features.

PlaceMe
The app keeps track of every location you have visited, and there is no need to check in because it is always on. Everything is automatic; however, it gives you the option to add notes to the places, and it requires GPS data and Wi-Fi. According to the developers, Alohar Mobile, Inc., the information is private and SSL encrypted, but since it lists every location you have been to with your phone, if someone were to get their hands on the information it would be a huge breach of privacy.

Girls Around Me
Not currently relevant (it was pulled from the App Store due to privacy concerns), but it was a very creepy stalker app. The app took location check-ins from Foursquare along with profile information from Facebook to create a map showing people’s names, personal information, faces and location, without anyone knowing their information was available to look at on the app. After a blog post highlighting the app and its stalking tendencies went viral, Foursquare cut off the app’s API access to their data and Apple removed it from the App Store.

Lulu
Referred to as “Yelp for boys,” Lulu is an app for women that rates men. By signing on through your Facebook account (to prove that you are a woman, or at least registered on Facebook as a woman), you score men from 1-10 on categories like manners, sex and first kiss. Users have the option to be anonymous or share the reviews with others. #LuLuTags are used to give more information about a particular guy, such as #StillLovesHisEx, #CouldUseSomeWork, #InACult, #NapoleonComplex, #TallDarkAndHandsome and many, many more.

Pikinis
Allows you to find all the pictures of your Facebook friends in bikinis and gives you the option to “pineapple” your favorite pictures for fast future viewing.  App accesses your Facebook page and then scans through the pictures of your friends for any pictures of them at the beach, pool, etc. (wearing a bikini).

Recognizr
Not available for download yet, but Swedish mobile software firm The Astonishing Tribe is creating an app where you take a picture of someone and pull up their social network profiles. Once the picture is taken, it is sent to a server, matched using facial recognition technology, and sent back to the user with the subject’s name and links to their social networking sites. Since the app is not available yet, it is hard to say how it will respect people’s privacy, but some reviews say that one must opt in to be featured in the database.

Security Cam
An app that turns a phone into a sneaky security camera: the phone can take pictures and video while the screen display is turned off. The screen looks like it is asleep, but the camera is on and taking pictures and videos. A setting that triggers recording by motion or sound turns your phone into a security and spy camera without anyone knowing they are being recorded.

Presence
Marketed as a way to reuse old iOS devices as a security system, the Presence app makes it possible for users to set up one iOS device as a video camera and another as a monitor through Wi-Fi. Both devices must have the app, and the device being used as a video camera must have the app turned on. The app records a 5-second video clip when motion is detected and sends an email alert. The developer’s People Power Cloud is allegedly secure and safe; however, the remote-controlled camera is used through the internet.

Webcam Apps such as:
Spy Cams
Lets you watch live security camera feeds from around the world, 24 hours a day.

My Webcam
The My Webcam Broadcaster function allows you to broadcast your own webcam for the world to see (it also gives you the option to keep it “private” and manage broadcasts). You can also watch other people’s webcams from around the world.

Posted in Internet Resources | Leave a comment


Great infographic courtesy of Diligentia Group

Posted in Pre-Employment Updates | Leave a comment

In an attempt to combat employee theft, retailers turn to retail theft databases, which give further insight into one’s previous retail career that would not show up on background checks. According to the National Retail Mutual Association (NRMA), less than five percent of the individuals on NRMA have been prosecuted, leaving no criminal record to be found through a traditional background check.

The database seems to be a beneficial tool for the retail industry with users such as Target, CVS, Family Dollar and Rite Aid, although it may be unfair to job prospects. Many people are unaware they are in a database or even that they signed an admission statement to theft that has the ability to bar them from future employment.

There are many legitimate thieves in the database; however a person can be ‘blacklisted’ without ever being convicted of a crime.  In some cases all it takes is an accusation of stealing with mishandling or missing merchandise or an entrapping written statement.

To be included in the database, the NRMA requires that the report must be based on one of the following:
Signed admission statement
Signed restitution statement
Fully satisfied civil demand
Criminal prosecution which has resulted in a conviction
Similar documentary evidence which demonstrates that the theft or dishonesty actually occurred and that the person named in the inquiry is the person who committed the act

The NRMA is defined as a Consumer Reporting Agency (CRA) and is protected under the Fair Credit Reporting Act (FCRA), Title 15, of the United States Code, Section 1681 et seq, to include the amendments contained in the Consumer Credit Reporting Reform Act (CCRRA) of 1996 effective September 30, 1997, which provides the framework for the accumulation and dissemination of employment-related information for employment purposes.

Under the FCRA, the CRA, applicant and employer are all protected, and steps are taken to ensure accuracy and fairness on all levels. Just as with any other step in the pre-employment process, the applicant must sign off on a consent form, and in any case of negative results, Adverse Action must be followed. However, due to the lax requirements to be included (i.e. no conviction necessary, with no real means of defending yourself against the accusations), the databases are facing scrutiny from employees and labor lawyers, and the Federal Trade Commission is examining whether they are in compliance with the Fair Credit Reporting Act.

Last summer, the FTC settled charges with HireRight over inaccurate records in their database along with difficulty disputing claims and other FCRA violations. LexisNexis was also in hot water and last month agreed to pay $13.5 million to 31,000 people for violating the FCRA by selling background checks to debt collectors.

Posted in Asset Investigations | Leave a comment

Infographic courtesy of BackgroundCheck.org

Posted in Internet Resources | Leave a comment

The myth that restoring a phone to factory settings is adequate for data removal can leave a data trail of your most sensitive information. Just because you deleted your banking app, personal photos and contacts does not mean the next person can’t gain access. The same way deleted text messages can be used as evidence in court, your “deleted” data can be viewed by anyone with the right forensic software. You may think that you are getting a great deal by selling your old phone, but if you are not careful you may be selling your identity as well.

An article written by Mat Honan of Wired documents their investigation into old phones and data discovery. They sent iPhones, Motorola Droids, an LG Dare and an LG Optimus to AccessData’s mobile forensics unit and compared the findings. The results were fascinating: they were able to uncover data such as emails, websites visited, images and, in one case, every Wi-Fi and cellular access point the phone had ever been in contact with, an astonishing 68,390 Wi-Fi points and 61,202 cell sites.

According to the experts, there is not much you can do when it comes to removing your data fingerprint from smartphones. Their advice… take a hammer to it.

Wired’s article “Break out a Hammer: You’ll Never Believe the Data ‘Wiped’ Smartphones Store” can be found here.

Or copy and paste:

http://www.wired.com/gadgetlab/2013/04/smartphone-data-trail/all/

Posted in Asset Investigations | Leave a comment

A Florida woman faces embezzlement charges after throwing her boss a surprise birthday party. Ruth Amen of Boca Grande worked as the office manager for Gulf to Bay Realty for over 10 years. After she threw one of her bosses a surprise birthday party, company officials took a closer look at the books and noticed the discrepancies. As the person solely responsible for handling billing, payroll and other business finances, she allegedly managed to embezzle $181,674.00. According to the Lee County Sheriff’s Office, nearly $92,000 was used to pay personal credit card debt, and Amen issued herself $65,000 in paychecks and did not deduct the insurance costs from her paychecks.


Posted in Internal Investigations | Leave a comment

The Securities and Exchange Commission along with individual state security departments have regulations in place for financial advisors. Secretary William Galvin of Massachusetts is taking a step forward to heighten security by proposing a required criminal background check as part of the investment advisor representative registration application.

The rule would require applicants to sign a consent form allowing the Massachusetts Securities Division to run their name through the Criminal Offender Record Information (CORI) system.

Written comments on the proposal will be accepted until May 15, the day of the public hearing.

Posted in Subrosa in the News | Leave a comment