Register FAQ / Rules Forum Spy Search Today's Posts Mark Forums Read
Go Back   MacRumors Forums > News and Article Discussion > MacRumors.com News Discussion

Reply
 
Thread Tools Search this Thread Display Modes
Old Feb 15, 2012, 12:16 PM   #26
Michaelgtrusa
macrumors 601
 
Michaelgtrusa's Avatar
 
Join Date: Oct 2008
Location: Everywhere And Nowhere
Really? What about Google and the Government themselves?
__________________
iMACAll life is an experiment. The more experiments you make the better.
TWITTER TUMBLR
Michaelgtrusa is offline   -5 Reply With Quote
Old Feb 15, 2012, 12:20 PM   #27
dethmaShine
macrumors 68000
 
Join Date: Apr 2010
Location: Into the lungs of Hell
Quote:
Originally Posted by gnasher729 View Post
If an app uploads my complete address book to their servers, which is absolutely no ****ing business of theirs, then Apple should refund the money to all purchasers, remove the app permanently, and ban the developer. There is just no excuse in the world for that.

No. Sandboxing isn't about asking permission, it is about being able to do something or not. An app can request the ability to access your address book or not. If it requests it, it can. If it doesn't, it can't. They idea is that when deciding to accept the app or not, Apple will check whether the app has requested the ability, and if the app has any good reason to do so.

Another thing is that Apple can eventually provide sandboxed code to do things. For example, some code that lets the user choose a name from the address book and send an email to that person. That code would live in its little sandbox with access to address book and email. However, the rest of the application wouldn't be able to access the address book. So a game could allow you to send a picture to a friend that way, without itself being able to read your address book.
I so wish that happens to Path and all the other apps on the app store.
__________________
Steve is smiling down from above.
-darkfiber
dethmaShine is offline   2 Reply With Quote
Old Feb 15, 2012, 12:21 PM   #28
f00f
macrumors 6502a
 
Join Date: Feb 2009
Location: New Yawk
Quote:
Originally Posted by Michaelgtrusa View Post
Really? What about Google and the Government themselves?
Two fine examples for Apple to, you know, not emulate.
__________________
13" MBA mid 2012 | 27" iMac late 2012 | iPhone 5S 64GB Space Gray
f00f is offline   -2 Reply With Quote
Old Feb 15, 2012, 12:24 PM   #29
samcraig
macrumors G5
 
Join Date: Jun 2009
I posted about this on the 9th

http://forums.macrumors.com/showthread.php?t=1321588
samcraig is offline   1 Reply With Quote
Old Feb 15, 2012, 12:29 PM   #30
John.B
macrumors 68040
 
Join Date: Jan 2008
Location: Flyover Country
Google has a complete record of people's emails, voicemails, websurfing habits (remember, with the new "privacy policy" they are indexing your entire web existence if you use their 8.8.8.8 DNS), Google+ friends and interactions, the list is almost endless.

The iOS address book security needs to be address, but it's definitely the low hanging fruit for a much larger privacy issue.

BTW, does anyone know what address book security comes stock in an Android phone?
__________________
Apple develops an improved programming language. Google copied Java. Everything you need to know, right there.

MA497LL/A FB463LL/A MC572LL/A FC060LL/A MD481LL/A MD388LL/A ME344LL/A
John.B is offline   -1 Reply With Quote
Old Feb 15, 2012, 12:33 PM   #31
0dev
macrumors 68040
 
0dev's Avatar
 
Join Date: Dec 2009
Location: 127.0.0.1
So Android and WP7 phones are more secure then? Since they, you know, actually let you know when apps want access to your personal data? Interesting turn of events there. Been considering jumping ship to Android for quite some time anyway.
__________________
"What kind of arrogant ass would quote themselves in their signature?" -0dev
0dev is offline   3 Reply With Quote
Old Feb 15, 2012, 12:34 PM   #32
danwayfilms
macrumors member
 
Join Date: Feb 2012
This site really should be renamed "iOS - Rumors, News, Controversies, and Everything iPad - Forget everything else"
danwayfilms is offline   -2 Reply With Quote
Old Feb 15, 2012, 12:35 PM   #33
samcraig
macrumors G5
 
Join Date: Jun 2009
Quote:
Originally Posted by John.B View Post
Google has a complete record of people's emails, voicemails, websurfing habits (remember, with the new "privacy policy" they are indexing your entire web existence if you use their 8.8.8.8 DNS), Google+ friends and interactions, the list is almost endless.
Slight difference I believe. If I'm using someone's services for my email and contact information - I can pretty much assume - since they are HOSTING that info - they have access to it.

However - this is completely differerent. A private device with personal data which is then being unknowingly uploaded to 3rd parties without consent.

If you don't see the difference, well....
samcraig is offline   7 Reply With Quote
Old Feb 15, 2012, 12:35 PM   #34
ChazUK
macrumors 603
 
ChazUK's Avatar
 
Join Date: Feb 2008
Location: Essex (UK)
Quote:
Originally Posted by John.B View Post

The iOS address book security needs to be address, but it's definitely the low hanging fruit for a much larger privacy issue.

BTW, does anyone know what address book security comes stock in an Android phone?
Every application you install on Android gives a full list of permissions before installing it (as does Windows Phone 7).



If you don't want to give a third party access to that info, you simply cancel the installation.
__________________
Windows 8 Desktop | HP Chromebook 11 | Moto G GPE | iPhone 4s | iPad Mini Retina | Nexus 7
ChazUK is offline   2 Reply With Quote
Old Feb 15, 2012, 12:37 PM   #35
0dev
macrumors 68040
 
0dev's Avatar
 
Join Date: Dec 2009
Location: 127.0.0.1
Quote:
Originally Posted by samcraig View Post
Slight difference I believe. If I'm using someone's services for my email and contact information - I can pretty much assume - since they are HOSTING that info - they have access to it.

However - this is completely differerent. A private device with personal data which is then being unknowingly uploaded to 3rd parties without consent.

If you don't see the difference, well....
Exactly. Google services have your data if you use them to manage that data by your own choice. They won't start downloading personal data from Android phones without telling users.

----------

Quote:
Originally Posted by ChazUK View Post
Every application you install on Android gives a full list of permissions before installing it (as does Windows Phone 7).



If you don't want to give a third party access to that info, you simply cancel the installation.
If you're on CM, you can also choose which permissions certain apps are allowed.
__________________
"What kind of arrogant ass would quote themselves in their signature?" -0dev
0dev is offline   2 Reply With Quote
Old Feb 15, 2012, 12:38 PM   #36
iScott428
macrumors regular
 
Join Date: Feb 2011
Location: Orlando, FL
Quote:
Originally Posted by tigres View Post
Because they have sent how many of these letters in the past 12 months? Why can't they concern themselves with true privacy issues like the FCRA and the credit agencies that sell our private information legally when someone pulls your credit. Ever wonder why you get calls from unknown's after you apply for financing? Google "Trigger Leads".... Why can't they focus on this REAL issue that has been around for 7 years now. This is a real privacy issue... selling your personal information legally @ pennies.

The company that F'd this up apologized, removed the data, and tried to make amends. I do not condone this as to be OK, but I am sick of all these media driven congressmen with a hard on lately when there are far worse privacy issues out there that need addressing.
Best post in the thread. Google is in bed with the Gov, and as well all know now the National mortgage system has absoluetly no flaws...

Path Apologized, corrected the mistake and updated the app. Couldn't imagine if this had happened in any other OS environment, how much worse the privacy loss would have been and at the same time how much less media/political official abuse it would have taken.
__________________
2.2 GHz MPB, 2GB, 120 GB HD;2.4 Mac Mini 8gb 320HD Iphone 8gb> W 3GS 32gb> 4s 64gb W; 32GB Ipad Wifi> 64gb iPad 2 wifi+3G; 16GB Ipod Nano 6G; ATV2; Airport Extreme & Express;Apple Keyboard on Work PC.
iScott428 is offline   -2 Reply With Quote
Old Feb 15, 2012, 12:39 PM   #37
nokuchikushi
macrumors member
 
Join Date: Jan 2012
Doesn't work

Yeah, because people really pay attention to the fine print.

Most every app is going to ask for some access to some kind of resource on your phone, so this "warning" route is ridiculously stupid. It may seem nice but the reality is it's next to useless. You'd never install anything.

The problem wasn't really that Path was accessing the address book data, is that is was uploading it to their servers and storing it there. That is the big issue and that's what all the hysterical whining is ignoring.

Your Windows app example doesn't address this. It just says the app wants to access something. Well, then, what's it going to do with it? It doesn't say. That's why it's useless. And that's why people will end up saying, "Okay." Just like they do for virus software.


Quote:
Originally Posted by ChazUK View Post
This whole fisaco is why I like to see a list of permissions before installing an app, ala WP7/Android.
Flashlight app wants full internet access, location and contacts? No install for you!

Example:
Image
nokuchikushi is offline   -2 Reply With Quote
Old Feb 15, 2012, 12:40 PM   #38
ChazUK
macrumors 603
 
ChazUK's Avatar
 
Join Date: Feb 2008
Location: Essex (UK)
Quote:
Originally Posted by 0dev View Post
If you're on CM, you can also choose which permissions certain apps are allowed.
I must admit, I've taken advantage of that feature on a few apps myself. That is a great addition to CyanogenMod. Can't wait for CM9 to hit stable.
__________________
Windows 8 Desktop | HP Chromebook 11 | Moto G GPE | iPhone 4s | iPad Mini Retina | Nexus 7
ChazUK is offline   3 Reply With Quote
Old Feb 15, 2012, 12:45 PM   #39
0dev
macrumors 68040
 
0dev's Avatar
 
Join Date: Dec 2009
Location: 127.0.0.1
Quote:
Originally Posted by nokuchikushi View Post
Yeah, because people really pay attention to the fine print.

Most every app is going to ask for some access to some kind of resource on your phone, so this "warning" route is ridiculously stupid. It may seem nice but the reality is it's next to useless. You'd never install anything.

The problem wasn't really that Path was accessing the address book data, is that is was uploading it to their servers and storing it there. That is the big issue and that's what all the hysterical whining is ignoring.

Your Windows app example doesn't address this. It just says the app wants to access something. Well, then, what's it going to do with it? It doesn't say. That's why it's useless. And that's why people will end up saying, "Okay." Just like they do for virus software.
When I've owned Android phones in the past, I've always made sure not to install apps which ask for more permissions than they need to do their job properly. For example, I was about to install a music app until I saw it wanted access to my system settings, list of running applications, full internet access, phone identity, GPS location, and a load of other stuff, so I didn't install it. If an App Store app wanted all that, I would have no way to judge whether or not it was necessary.

And again, with CM you can control which permissions apps are allowed to have. Additionally, with DroidWall you can only allow whitelisted apps to access the internet.

Apple likes to keep their users in the dark to make everything look simple, which is fine up to a point, but in these cases it's best to give more information to those who want it.
__________________
"What kind of arrogant ass would quote themselves in their signature?" -0dev
0dev is offline   1 Reply With Quote
Old Feb 15, 2012, 12:46 PM   #40
lilo777
Banned
 
Join Date: Nov 2009
Quote:
Originally Posted by nokuchikushi View Post
Yeah, because people really pay attention to the fine print.

Most every app is going to ask for some access to some kind of resource on your phone, so this "warning" route is ridiculously stupid. It may seem nice but the reality is it's next to useless. You'd never install anything.

The problem wasn't really that Path was accessing the address book data, is that is was uploading it to their servers and storing it there. That is the big issue and that's what all the hysterical whining is ignoring.

Your Windows app example doesn't address this. It just says the app wants to access something. Well, then, what's it going to do with it? It doesn't say. That's why it's useless. And that's why people will end up saying, "Okay." Just like they do for virus software.
Android's way may not be ideal but it's probably the only possible one. Besides, your depiction of the situation is totally wrong. Most applications do not really need that many privileges (games etc.). And for those few that do need the privileges you have to do dew diligence ad make sure that you deal with a reputable vendor.
lilo777 is offline   0 Reply With Quote
Old Feb 15, 2012, 12:47 PM   #41
calderone
macrumors 68040
 
calderone's Avatar
 
Join Date: Aug 2009
Location: Seattle
Quote:
Originally Posted by gnasher729 View Post
If an app uploads my complete address book to their servers, which is absolutely no ****ing business of theirs, then Apple should refund the money to all purchasers, remove the app permanently, and ban the developer. There is just no excuse in the world for that.
There is nothing wrong with what they did. Their business is to run a social network. A part of which is to connect users.

Do yourself a favor and read this article: http://mattgemmell.com/2012/02/11/ha...n-social-apps/


Quote:
Originally Posted by lilo777 View Post
Android's way may not be ideal but it's probably the only possible one. Besides, your depiction of the situation is totally wrong. Most applications do not really need that many privileges (games etc.). And for those few that do need the privileges you have to do dew diligence ad make sure that you deal with a reputable vendor.
If a game has a multiplayer aspect, connecting users with Address Book information is definitely an option.

The problem with the permission model is:

1. The messages themselves are not written to be easily digested
2. People have been conditioned to just click/tap "Ok" or "Install" or "Ok, just leave me alone."

Number two is mainly a result of number one. The result is the same in most cases whether you are asked for permission or not.

I think developers should be granted the entitlements, but still take the step of saying "Hey, can I do this?"
__________________
ACSA, ACMT

Last edited by calderone; Feb 15, 2012 at 12:52 PM.
calderone is offline   1 Reply With Quote
Old Feb 15, 2012, 12:49 PM   #42
the8thark
macrumors 68030
 
the8thark's Avatar
 
Join Date: Apr 2011
Quote:
Originally Posted by allpar View Post
I think what Congress intends to do is make the "free market" fix its problems with the attention and threat of legislation.

Just leaving the "free market" to fix things was tried and is still tried. Certain things are not fixable by the free market. Adam Smith said as much in The Wealth of Nations. I realize it's politically incorrect to suggest laissez faire capitalism was not handed to us by God, but ... rivers aren't supposed to burn.
Agreed.

If you are multinational company and screw up billions of dollars, the government gives you a bailout to save the company. But if you are a small company hiring 1-50 people having a rough time you get no assistance and they let you go under.

There is a saying in Australia. The nation is built on the back of small business. Mind you here it's the same, they let small business rot. But at least here they acknowledge it.

And that's the injustice we all have to live with. I say let the free market sort it out. If the multinational companies falter and their board members embezzle money then let the company go under. It will serve them right to do the right thing. Cause at the moment the big companies are rewarded for screwing up. And it sickens me.
the8thark is offline   2 Reply With Quote
Old Feb 15, 2012, 12:53 PM   #43
samcraig
macrumors G5
 
Join Date: Jun 2009
I wonder how many people think this is no big deal because they genuinely think that (and would think that if it was google or microsoft). Or because it's Apple.
samcraig is offline   2 Reply With Quote
Old Feb 15, 2012, 12:54 PM   #44
ChazUK
macrumors 603
 
ChazUK's Avatar
 
Join Date: Feb 2008
Location: Essex (UK)
Quote:
Originally Posted by nokuchikushi View Post
Yeah, because people really pay attention to the fine print.

Most every app is going to ask for some access to some kind of resource on your phone, so this "warning" route is ridiculously stupid.
Read section 17.1 of the iOS guidelines:
Quote:
Apps cannot transmit data about a user without obtaining the userís prior permission and providing the user with access to information about how and where the data will be used.
"Warning" users is the current solution by obtaining permission before obtaining data to some extent. In Path's case, they were in breech of the guidelines by not doing it.

Had path added a popup with what they intended to do with your contacts with an accept/deny button, things would be fine.
__________________
Windows 8 Desktop | HP Chromebook 11 | Moto G GPE | iPhone 4s | iPad Mini Retina | Nexus 7
ChazUK is offline   2 Reply With Quote
Old Feb 15, 2012, 12:54 PM   #45
John.B
macrumors 68040
 
Join Date: Jan 2008
Location: Flyover Country
Quote:
Originally Posted by ChazUK View Post
Every application you install on Android gives a full list of permissions before installing it (as does Windows Phone 7).

If you don't want to give a third party access to that info, you simply cancel the installation.
It's all or nothing, though, right?
__________________
Apple develops an improved programming language. Google copied Java. Everything you need to know, right there.

MA497LL/A FB463LL/A MC572LL/A FC060LL/A MD481LL/A MD388LL/A ME344LL/A
John.B is offline   2 Reply With Quote
Old Feb 15, 2012, 12:55 PM   #46
Shrink
macrumors Demi-God
 
Shrink's Avatar
 
Join Date: Feb 2011
Location: New England, USA
I bow to no man in my intense dislike and general distrust of, cynicism toward, and general revulsion felt for politicians.

However, in this situation, I don't see the harm in looking into the privacy issue. Granted, the majority of people here on MR are able to protect themselves. But there are a whole lot of folks out there who are not as knowledgeable, and some kind of warning, toggle, opt-out, etc. would help protect the less sophisticated.

I know it's a horrible bother to us know-it-alls, but any privacy protections that can be put in place are welcome, as far as I'm concerned.
__________________
Two things are infinite, the universe and human stupidity; and I'm not sure about the universe. -- Albert Einstein
Shrink is offline   3 Reply With Quote
Old Feb 15, 2012, 12:56 PM   #47
0dev
macrumors 68040
 
0dev's Avatar
 
Join Date: Dec 2009
Location: 127.0.0.1
Quote:
Originally Posted by ChazUK View Post
Read section 17.1 of the iOS guidelines:


"Warning" users is the current solution by obtaining permission before obtaining data to some extent. In Path's case, they were in breech of the guidelines by not doing it.

Had path added a popup with what they intended to do with your contacts with an accept/deny button, things would be fine.
I wonder why Apple allowed the app in the first place, seeing as they check the code for every single one? Looks like that approach doesn't do much for security after all, it just gives Apple an excuse to keep its users in the dark.
__________________
"What kind of arrogant ass would quote themselves in their signature?" -0dev
0dev is offline   1 Reply With Quote
Old Feb 15, 2012, 12:56 PM   #48
samcraig
macrumors G5
 
Join Date: Jun 2009
Quote:
Originally Posted by ChazUK View Post
Read section 17.1 of the iOS guidelines:


"Warning" users is the current solution by obtaining permission before obtaining data to some extent. In Path's case, they were in breech of the guidelines by not doing it.

Had path added a popup with what they intended to do with your contacts with an accept/deny button, things would be fine.
To further...

If apps have to be APPROVED by Apple and Apple has guidelines - then Apple (in my opinion) is just as liable for a breech in security. If you're going to have a TOS - it's up to you (Apple) to enforce it.
samcraig is offline   5 Reply With Quote
Old Feb 15, 2012, 12:57 PM   #49
lilo777
Banned
 
Join Date: Nov 2009
After a week of silence, Apple has finally responded to reports that iOS apps like Path and Twitter access user contact data without permission.
Apps that collect or transmit a user’s contact data without their prior permission are in violation of our guidelines,” Apple spokesman Tom Neumayr told AllThingsD. “We’re working to make this even better for our customers, and as we have done with location services, any app wishing to access contact data will require explicit user approval in a future software release.

Do you get it? It'll become even better (i.e. implying that you already have it so good )
lilo777 is offline   1 Reply With Quote
Old Feb 15, 2012, 12:57 PM   #50
Winter Charm
macrumors 6502a
 
Winter Charm's Avatar
 
Join Date: Jul 2008
I think it is PERFECTLY reasonable to have the same system for personal information that iOS has for accessing location.

"This app is requesting access to your ___________"
Allow or Deny?

that blank can be replaced with:
1. Address Book
2. Photos
3. Music Library
4. Location
5. Personal information (includes Notes, Reminders, email and SMS conversations, calendar events, etc.)

If you deny, it can be:

"this app requires you enter __________ or create an account to work, please manually enter your email address in the field below"


So, it's totally feasible. And you can have toggles for it, just like you do for location.

At least apple has an approval process for apps. On Android, this issue is totally rampant... It's disturbing to see it here, too.


EDIT: Regarding this: “Apps that collect or transmit a user’s contact data without their prior permission are in violation of our guidelines,” Apple spokesman Tom Neumayr told AllThingsD. “We’re working to make this even better for our customers, and as we have done with location services, any app wishing to access contact data will require explicit user approval in a future software release.”

I'm GLAD. Good job, Apple. I fully expect this in 5.1
__________________
21.5 2010 iMac; 15" 2011 MBP 2.2Ghz; iPad 2 64GB Wifi; iPhone 4S 32GB; Late 2009 Mac mini 2.5Ghz
Winter Charm is offline   0 Reply With Quote

Reply
MacRumors Forums > News and Article Discussion > MacRumors.com News Discussion

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Similar Threads
thread Thread Starter Forum Replies Last Post
NSA Servers Collect Personal Data Sent by iPhone Apps MacRumors Politics, Religion, Social Issues 260 Jan 31, 2014 09:59 PM
Importing Address Book Data garycurtis Mac Basics and Help 2 Dec 28, 2012 01:01 PM
Where is address book data located? shomenno OS X 1 Dec 10, 2012 01:20 AM
Apple Requires User Permission Before Apps Can Access Personal Data in iOS 6 MacRumors MacRumors.com News Discussion 102 Jun 26, 2012 02:12 PM

Forum Jump

All times are GMT -5. The time now is 03:24 PM.

Mac Rumors | Mac | iPhone | iPhone Game Reviews | iPhone Apps

Mobile Version | Fixed | Fluid | Fluid HD
Copyright 2002-2013, MacRumors.com, LLC