Clueful, from the security company BitDefender, is the first and only app auditor I've seen for iOS users. The app scans installed and uninstalled apps for required permissions, or access levels, so you won't feel blind sided if you belatedly discover your free app is tracking your whereabouts. It's worth downloading if you're paranoid about iOS apps storing and leeching data from your devices, but at nearly two and a half quid it's too pricey for the less paranoid.
Catalin Cosoi, head of BitDefender's research labs, cited a string of recent privacy taboos on iOS as the motivation behind creating Clueful. In February, apps from Facebook, Twitter, and Path all came under fire when developers discovered that the apps were storing address books without users' permissions. Some apps collect your device's UDID (Unique Device Identification Number), though Apple is cracking down on this practice.
The iOS Permission System
Plenty has been written about Android's permissions-based security model. Before you download an Android app from Google Play, developers are required to list all the permissions upfront. Less security-minded Android users just ignore this list and download the app anyway, but it's one of the easiest ways to prevent your device from downloading malware, spyware, and adware.
Apple iOS has a loose permission-based system too, but it works very differently. Instead of listing permissions upfront, you download the app first and the app will push out alerts asking for your permission to access certain resources - when the app needs them. If you're determined to use an app, you probably blindly tap 'OK' to everything.
However, even with this model in place, iOS apps aren't explicit enough about required permissions. That's how Path got in trouble - in February, users of the popular social networking app discovered that the app were exporting (through unencrypted means) entire address books and storing them in their servers.
Few Surprises for the Privacy Conscious
The app is easy enough for the Luddites in your life to use and understand. After installing and launching Clueful, it runs a quick scan of your existing apps and lists the results in alphabetical order. One annoying bug I (and other reviewers) encountered here is that some installed apps were listed twice, or Clueful listed apps you haven't even installed. Tap the name of an app to see an entire list of permissions, and swipe across for helpful explanations of permissions. Within the app you can also search for apps you're thinking about installing, which is extremely useful.
Clueful scanned hundreds of installed apps on my iPhone 4. I was surprised, but not alarmed, by about 20 per cent of the results. Most of the apps, including Facebook, Twitter, Evernote, listed 3-5 permissions, such as access to my address book or analytics tracking. Communications apps like AIM, ICQ, and Google Voice all recorded my iPhone's Unique ID. Opera Mini (Free, 3.5 stars) required zero permission (it's a wrapper for Safari, so that's not terribly surprising).
The key permissions to look out for here are whether or not it encrypts your data, and which companies are tracking data on your devices (Flurry? Google? Facebook?).
Promising, But Incomplete
One frustrating part is that Clueful hasn't scanned the entire App Store (I'm still waiting on Draw Something), but BitDefender said thousands of apps are being added every day. At the moment, you'll only find free apps in Clueful's database, given they are potentially more threatening to your privacy.
Despite its heritage in PC security, BitDefender designs slick apps, so I'd love to see Clueful expand its database of scanned apps and reduce the app's cost. After all, Clueful provides information rather than a service, so I wouldn't consider it a must-have yet.
Pros: First iOS app auditor; User-friendly interface.
Cons: Expensive; Incomplete database of apps; Lacks shortcut to uninstall threatening apps; Buggy.
- Published under license from Ziff Davis, Inc., New York, All rights reserved.
- Copyright © 2012 Ziff Davis, Inc.