Zscaler: iOS apps leak more user data than Android apps

By analyzing the transaction status of devices protected by its own security products, Zscaler found that iOS applications leaked more user privacy information than Android apps. People often think that iOS is more secure than Android, but according to data detected by Zscaler from 45 million transactions last quarter, it was found that about 200,000 of them involved the leakage of user data by apps, including PII-level personal identity information (such as mobile phone numbers and email addresses), geographic location information (latitude and longitude coordinates), device metadata (IMEI code/MAC address/IMSI code/network/operating system/SIM card information/manufacturer), etc.

Zscaler said it tracked 26 million transactions from iOS devices (and iOS apps), and that 0.5% of user data was exposed, or 130,000 operations.

Of the leaked data, 72.3% was related to the user’s device information, 27.5% was geolocation coordinates, and only 0.2% was PII data exposed by the app.

Of all the cases of leaking user privacy data, 70% can be traced back to iOS devices in China, 20% are from South Africa, and the UK, US and Ireland make up the top five.

By comparison, Zscaler tracked 20 million transactions from Android apps, of which only 0.3% leaked user information (about 60,000).

Of the data leaked on the Android platform, 58% was device metadata, 39.3% was geolocation coordinates, and 3% was PII data. The largest number of Android device user information leaks occurred in the United States (55%), followed by the United Kingdom (16%) and China (12%).

The problem with user data leakage is the potential long-term threat. Over time, malicious actors can collect a large amount of information to pave the way for subsequent targeted attacks (such as phishing, SMS fraud, or denial of service/DoS attacks).