In the wake of the discovery that some Android and iOS crash analysis apps may be transmitting personal data without your knowledge, mobile research firm Appthority has issued a report on Appsee and Testfairy, indicating that thousands of apps on the App Store and Google Play Store use these two crash analyzer services to fix bugs.
Appsee has by far the larger presence, showing up in about 4,000 apps on iOS and 1,300 apps on Android, versus Testfairy appearing in about 200 Android apps and 175 iOS apps.
It should be noted, however, that neither Testfairy nor Appsee is deliberately exposing sensitive user data. Instead, the problem emerges from how the app developer uses the crash analysis service. Appsee provides guidelines on how to protect user information, but these are not universally followed.
As researchers at UC Santa Barbara learned last month, food delivery app GoPuff was inadvertently sending users' ZIP codes to Appsee as part of the crash analysis process. A representative for Appsee said that it deleted all recordings that GoPuff had sent, and it disabled the tracking mechanisms that the delivery startup was using to collect data for Appsee.
Why would this be a big deal?
The main issue is twofold. For one, Appsee and Testfairy work in part by taking screenshots of the user's display, which can expose you to privacy issues. As a rule, mobile apps do not prohibit screenshots from being taken. Encrypted text messengers like Signal are among the few major exceptions.
Two, the developers using Appsee and Testfairy to analyze app crashes may not clearly state in their privacy policies that screenshots and other potentially private data are being recorded and analyzed and possibly sent to a third party for further inspection.
In addition to the screenshot issue, Appthority also points out that dozens of mobile apps which make use of Appsee and Testfairy can also open PDFs and Microsoft Office files -- spreadsheets, presentations, memos, and other documents. It uncovered 142 Appsee-partnered apps that were capable of opening a PDF, though Appthority does not identify them by name.
Granted, the iOS App Store claims over 2 million apps in its catalog, and the Google Play Store counts even more. Therefore, only a small percentage of apps are known to use Appsee or Testfairy.
That said, if you're using sensitive or personally identifiable data in any of your apps, you may want to take a closer look at their privacy policies and ask questions if you detect any ambiguities.
In desktop operating systems, automated crash data transmission rarely includes screenshots or other data that could include personally identifiable information, and the user customarily has full control over how or even if that data is sent, and full awareness that crash data is being recorded or transmitted. So if you need to work on sensitive documents or other files, you may want to stick to a Windows, MacOS, or Linux PC.
- Services such as Appsee and Testfairy, which are used to analyze crashes in your mobile apps, may be recording and transmitting personal information because of misuse of their analysis tools.
- People working with sensitive documents or communications may want to consider using a desktop operating system for these tasks instead, where crash analysis tools are customarily under much tighter control.