Many websites and services now have apps that they use to further distribute their solutions via smartphone. However, when it comes to your business’s sensitive information, which is more secure: the mobile app, or the web-based client? Researchers from Northeastern University performed a study that asked this question, and the results might shock you.
The study selected 50 of the most popular free services available online that feature equal functionality through both the website and the mobile apps on Android and iOS. Researchers compared data leakage that could be used to identify a user through both platforms. The team made sure to take samples from a variety of industries, including business, news, shopping, music, and weather. They logged in as regular users before tracking how this information was being used and/or shared by the site with advertisers and data analytics companies.
Of course, the answer isn’t as simple as claiming that one leaks more data than the other. According to research team member and assistant professor David Choffnes, the results vary. He actually expected that the applications would leak more data since they have a more direct connection to it. The margin was much closer than expected--in 40 percent of their tested cases, the website version of a service shared more information with external parties than the mobile application.
The type of information shared also depended on the platform chosen by the user. Websites would share the user’s name and location, while apps tended to share a device’s unique ID number. Between the app and the website, the service was capable of collecting a significant amount of information about the user, which came as a shock to the research team.
While there might be real reasons why these services would share information, this didn’t stop the research team from being somewhat concerned. If a user is unaware of how an app or service uses their information, they might be under the false pretense that the service has exclusive access to it. The research team hopes to spread awareness of credential information sharing, and has gone so far as to provide an online report of which information is leaked by certain apps. You can also use this online tool to understand which method (website or app) is the most secure way of accessing the service.
It’s always best to keep your data close, as it’s a valuable and sensitive asset that cannot be put at risk.