Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple to Require Explicit Permission for iOS Apps Accessing Address Book Data
- Thread starter MacRumors
- Start date
- Sort by reaction score
I would actually prefer to have BOTH ways. This way I can decide NOT to install, for example, a game that requires access to my contacts or if I see way too many permissions for a simple app.
If I decide to install it anyways, then I can always block later. But please, only ask me once... No Windows Vista type thing, OK?
Cheers
The trust is with Apple, more so than the developer, as a direct result of the walled-garden approach that Apple polices so vigilantly. They have alleviated me, the user, from caring so much about the quality & integrity of iOS apps -- because they have strict guidelines & requirements from developers that must be adhered to & passed (supposedly). If an app is in the app store then, hey, it must be trustworthy. Right? I, as the user, don't even need to know what permissions the app needs because, after all, it passed the strict submission process. The "outrage", I think, comes from when this trust -- and the trust I have with Apple is greater than the trust I have with any XYZ Developer -- is, well, violated. Apple made a rule (that perhaps only ever took the form of a contract between itself and XYZ Developer) that wasn't enforced (contracts are breached all the time) & the price paid is end-user data effectively being stolen. Apple are obligated to protect our privacy at all costs since we, the iOS end-users, have no power other than choosing to not install an app (and this would be all the power we'd ever really need -- if apps are required to advertise what permissions they need).
Last edited:
what's in my phonebook that I don't want other people to know?
- my GF's contact info (we get already enough mail/email/phone calls from nutcases and stalkers that we have a dummy phone that we ignore)
- friends contact info that are CEO's and such who have public and private contact infos. they would be mightily pissed if their private info goes out.
- business partners contact info
- my lawyer
- my physicians contact info
- my shrink (I'm kidding but it is actually serious. you don't want other people to know that you see a shrink)
Honestly, can't you imagine that a person doesn't want their entire list of business clients uploaded to the servers of five different developers?
Can't you imagine that I'm worried that several of my physicians own iPhones and that developers know who their patients are? Including the birthdates, adresses and family members of those patients?
Okay, but...
This is the same power we have had for decades on Windows and Mac and Linux.
Apple found an area to improve our control of our private data based on this discovery and is going to implement it. The app that started this controversy (Path) quickly apologized for their actions and followed through with an appropriate response. This is how it is supposed to work. All is well.
To say that Apple obviously should have done this earlier is to ignore the security costs to yet another permission dialog. The more there are, the less people pay attention before they click okay. See the Android permission notice and Windows Vista as the poster children.
Ok, I'll give you some of those points. Business contacts could lead to a disadvantage when considering new projects etc, and the personal info for people that want to keep their private and public information separate I also understand.
Everything else, not buying it. The massive flood if information on the Internet makes it unlikely that anyone could even possibly connect the dots for relationships based solely on contact info. Heck a major problem with social networks is that there is TOO much information that they can't find easy patterns of behavior, motivation, etc.
As for not wanting people to know who your contacts are (as in who your lawyer is, your doctor) don't put that information in your address book to begin with (since why do you need it there? As a reminder who they are?) Since Facebook really took off, people (mostly younger people) have learned how to not put up specific information yet still stay involved. We know what to do and not do, and while our parents felt they needed to remind us over and over again not to tell a stranger where you live, we sorta knew that one already.
There's a tendency on the Internet to give out more information than you really need to. If someone asks you "do you know the time," the common answer is "it's 4:52" when what they were asking required only a "yes" answer. Same with technology.
And also, who thinks their importnt enough that someone would try and look through their phone book for the names of doctors or lawyers or shrinks to somehow get a leg up? Get over yourself.
This is a great idea but how many pop ups will we see at the opening of an app. Location, push notifications and now address book. Apple needs to make them one pop-up with a yes or no for each.
And also. Do social media apps really need access to your address book all the time? Maybe there should be an option for a just this once access
And also. Do social media apps really need access to your address book all the time? Maybe there should be an option for a just this once access
So basically this means that most if not all social apps will become crippled?
Thinking about it, even iCloud falls into this category!
End-users have no auditing power on iOS -- with the single sole exception of being able choose what apps to install or not install. And on what do we base this choice? Reviews? Trust with an unknown developer? We don't have much to go on because the system is so dramatically dumbed down (from end-user perspective) & responsibility for policing things like privacy policy is transferred out of our control & to Apple. On all those other platforms, that we've had for decades, end-users undeniably have had much more control and much more responsibility. In iOS land, Apple has a very large percentage of that responsibility because they make the rules. They don't even need to add a new permission dialogue -- they merely need to enforce their existing rules which they are obligated to do, for the sake of our privacy. And, being Apple, I'm sure they can come up with an elegant, simple way to do it that won't be overbearing for even the most attention-deficient users out there.
Last edited:
I think you are overstating the knowledge of your average PC user. The choice is based on the same things it always has been. With the exception that Apple has weeded out a huge percentage of actual malware. I would say that iOS users have more information to go on before downloading an app than your average PC user.
Really really great news, in fact I had been thinking of why this hadn't been done sooner upon first hearing about http://www.latimes.com/business/tec...e-morin-we-are-sorry-20120208,0,3106318.story
Contact books are a non-starter, and I see any non opt-in copying of that IP as straight up deception and theft. Even Facebook makes you explicitly agree to sharing graph information with apps (though ironically their app -- at least used to -- do the same thing on mobile).
Contact books are a non-starter, and I see any non opt-in copying of that IP as straight up deception and theft. Even Facebook makes you explicitly agree to sharing graph information with apps (though ironically their app -- at least used to -- do the same thing on mobile).
They can have my address books... I'm staying on 5.0.1 with my Jailbreak.
EDIT: I have nothing to hide, so I don't care if they get my addresses. I assume Apple has access to all my data anyways, and AT&T to anything I send OTA.
EDIT: I have nothing to hide, so I don't care if they get my addresses. I assume Apple has access to all my data anyways, and AT&T to anything I send OTA.
What about your boss getting contacted with contextual ads based on the other information the system is scraping from you?
What if you work with celebrities / politicians / etc? Do you trust all of the people whose hands your data is going to pass through?
"Nothing to hide" is an idiotic argument in this case.
Your wrong actually, Android was much stricter about info apps to can access from other apps. Unless that app is given permission to do so or runs in root privileges, it cannot access those things.
So what was he wrong about? Per his example, if I download a text messaging app and give it permission to access my address book, run in the background, and send text messages, what's to prevent what he described from happening?
Serious question.
Unfortunately a chain is only as strong as it's weakest link, and apps on Android can override permissions via the intents system:
http://www.theregister.co.uk/2011/11/30/google_android_security_bug/
Video here: http://www.youtube.com/watch?v=xGwTviVRcrg
This includes "turn[ing] on a recorder that collects nearby audio or phone conversations. The app is also able to send unauthorized text messages."
All without declaring these as specific permissions.
If that's true, how did all these apps get into the App Store to start with? I mean, they all had to go through the approval process from Apple to get in the App Store, and that is one of the main excuses for Apple being able to have such control over apps -- to protect users from malware and spyware they might contain.
Apple certainly doesn't hesitate to reject apps for all sorts of vague reasons. Are they completely ignoring what the apps is doing with its network access because they're too busy looking for private APIs or something else that competes with their own software products?
Now that Apple is aware of these developers breaking the rules, what action is Apple going to take against them? Will their Apps be pulled, or are they just going to get a slap on the wrist?
So what about all the apps that uploaded the address books already? Do they have to give it up (lots of luck with that)? How do we know they are not selling the info to 3rd parties?
I still have the disks for that somewhere... six 5.25" floppies, if I recall correctly!
One more thing to consider - it is absolutely NOT in the best interest of these businesses to be giving away this contact information, even if they sell it. Imagine how fast something like Twitter would implode if it was discovered that it was selling your contact book to third parties. They hold your contacts for 18 months, they could easily do that.
The reason they don't do things like this is because the company would quite simply die a very fast and public death. It would lose all value once people turned against it. For that reason, above all others, I don't ever see companies that have our contact information truly having an impact on anyone's privacy. Because if it did, you could say goodbye to that company faster than a New York minute.
The reason they don't do things like this is because the company would quite simply die a very fast and public death. It would lose all value once people turned against it. For that reason, above all others, I don't ever see companies that have our contact information truly having an impact on anyone's privacy. Because if it did, you could say goodbye to that company faster than a New York minute.
Ah, yet another reason to put off buying an i-Device a little while longer until you guys are finished getting all the "privacy bugs" worked out.
- It's your personal cell phone! If you aren't allowed to keep certain phone numbers in your own damn phone where are you allowed to keep them so they're convenient to you? That's like saying your shouldn't keep tax information on your own computer.
- You don't have any friends or family who have unlisted phone numbers? Would you wants some app slurping them up to sell them to a marketing list?