Apple's New App Store Guidelines Restrict Apps From Harvesting Data From iPhone Users' Friends

Discussion in 'News Discussion' started by MacRumors, Jun 12, 2018.

  1. MacRumors macrumors bot


    Apr 12, 2001

    Apple last week updated its App Store Review Guidelines for developers after unveiling iOS 12, introducing rules for remote mirroring apps, banning cryptocurrency mining, and introducing clear rules to allow developers to provide free trials for paid apps.

    At the same time, Apple also quietly expanded its data sharing rules, as Bloomberg points out, introducing strict new guidelines that prevent app developers from collecting user data to build advertising profiles or contact databases. The rules also prohibit apps from harvesting data from an iPhone user's contacts. From Apple's updated 5.1.2 data sharing guidelines:
    The wording of the updated 5.1.2 guideline puts an end to secretive data collection techniques, where developers collect data from an iPhone user's contacts and then use it for marketing and advertising purposes. In the past, developers have used iPhone contact lists, which include phone numbers, email addresses, photos, and other information, for unsavory advertising and data collection purposes.

    One developer explained to Bloomberg just how much data was accessible and how easily it could be obtained and abused without Apple's knowledge:
    Developers are now expressly forbidden from using apps to build user profiles and contact databases and from misusing contact information and other sensitive user data. Apple has also prohibited apps from sending out mass texts to a user's contact list without explicit user permission. Developers who are caught breaking Apple's new data sharing rules may be banned from the App Store.

    The full App Store Guidelines for developers can be viewed on Apple's website.

    Article Link: Apple's New App Store Guidelines Restrict Apps From Harvesting Data From iPhone Users' Friends
  2. H3LL5P4WN macrumors 68020


    Jun 19, 2010
    Pittsburgh PA
  3. Jyby macrumors 6502

    May 31, 2011
    So they're going to remove Facebook from the App Store right?

    EDIT: Or I declare hypocrisy!
  4. DataChris macrumors member


    Nov 5, 2007
    Does anyone know the specifics of what data/fields are shared/uploaded when agreeing to share iOS contacts with an app or service? Is it just the contact’s Name, Number & Email or is everything uploaded, Notes, Photos, Address, etc?
  5. Jyby, Jun 12, 2018
    Last edited: Jun 13, 2018

    Jyby macrumors 6502

    May 31, 2011
    They do make contact info shared in the API doc:

    And, I think Apple should list out what fields are shared when you agree to those requests for data. Like when you use an App what data about your device do developers get to know about?

    But it should be easier for consumers to read.

    Although there could also be undocumented abilities once the user agrees to share this information... Abilities that Facebook or other developers could be privy to.
  6. alphaod macrumors Core


    Feb 9, 2008
    This is excellent. I usually forbid apps from accessing my contacts unless I really know the app.
  7. Herb128K macrumors newbie

    Oct 23, 2014
    Perhaps I didn't read the above "Apple guidelines" carefully enough but the words "should not," and "do not," don't actually restrict apps from harvesting the data or building the profiles that they're not supposed to do anymore! Am I missing something?
  8. ersan191 macrumors 65816

    Oct 26, 2013
    Facebook, Messenger, Instagram, Snapchat, Amazon, Google Maps/Voice/Docs/etc

    Ban em all
  9. DataChris macrumors member


    Nov 5, 2007
    Absolutely! In fact, Apple, iOS should enable a way for users to select/prevent specific contacts and/or groups of contacts from being shared at all (family, kids, etc) as well as options to prevent specific contact data/fields from being shared at all (like Notes, Address, Photos, Secondary numbers/emails, etc)!
  10. 1252 macrumors member


    May 14, 2018
  11. WannaGoMac macrumors 68020


    Feb 11, 2007
    Unfortunately the cat is out of the bag on this one...but better late than never. All our contact info has been shared by our friends to every big and medium sized company on the planet by now.

    As others ask, guess Facebook, Instagram, and WhatsApp will be banned now?
  12. zorinlynx macrumors 603


    May 31, 2007
    Florida, USA
    This is why I almost always say "no" when apps ask for access to my contacts. It feels like selling out my friends.
  13. manu chao macrumors 603

    Jul 30, 2003
    And the reverse of sharing only a specific group.
  14. slimtastic Suspended


    May 17, 2018
    Your Mother's Bedroom
    Hold on. I knew developers could easily steal Contacts info and I think they could easily steal all photos in a photo library if access is granted. Is that accurate?
  15. bluecoast macrumors 65816

    Nov 7, 2017
    I feel really naive that I allowed (some) of the apps that I used to access things like this.

    And whilst I’m not exactly blaming Apple, because the App Store was always curated, I generally trusted any apps there to not use my info for anything other than providing the functionality that the apps claimed to.

    I really had no idea that so much data harvesting was going on. Even though it seems obvious now, in retrospect.

    I guess we have the European GDPR rules and the bigger focus on privacy in the USA to thank for this.

    Oh well. ‘Won’t get fooled again’ as the Who once sang.

    P.S. the upshot of all of this is that I don’t trust any third party email apps now, or contact apps or even photo editors.

    Maybe I’m being paranoid but I just feel that I’ve no control over what happens to my data once I open that door, no way of knowing what’s really going on and if my data or metadata isn’t being silently uploaded somewhere.
  16. manu chao macrumors 603

    Jul 30, 2003
    Agreed, I just checked and I have only given six apps this permission:
    • One of them being Apple's own Airport Utility
    • Two being calendar apps (I guess one usage is when auto-completing an entry based on names in one's address book)
    • Two of them being 'social media', Skype & Signal, for both of which having access to the contacts list is essential when you want to contact somebody else by starting with their name only
    • An app to create a map where the locations of a group of people are marked.
    None of them would need to upload any data from my address book to function but Skype probably does so.
  17. 1252 macrumors member


    May 14, 2018
    "....and the bigger focus on privacy in the USA...."

    This is really a good joke.
  18. Jyby macrumors 6502

    May 31, 2011
    Yeah basically. If you give them access.

    And btw... Apple wouldn't know it... Because once your app is reviewed in the store you could just flip the switch on the server to enable the part of your code that actually uploads your photos library.

    Apple doesn't review your source code at that level of detail.
  19. OldSchoolMacGuy Suspended


    Jul 10, 2008
    Great deal. Far too many apps allowed your friends to determine if they shared YOUR details. Nothing like someone you haven't seen since high school giving your contact information and all kinds of other stuff to some random advertiser.
  20. manu chao macrumors 603

    Jul 30, 2003
    On the Mac (or PC) most apps could always access most files on the computer (unless encrypted like the keychain). But most application types were created before the widespread connectivity of today's computing devices (or any connectivity at all). Nobody ever thought, e.g., a drawing application would upload your contacts. This was largely because the business case to do so for the app developer didn't really exist (though malware used your list of contacts to spread itself almost right from the start of connected computing). Part of it is that the value of personal data (including your list of contacts, alternative email addresses) has increased for advertisers and social media companies. Part of it is that if Photoshop uploaded your photos (or address book), it would damage the product and company quickly (though companies producing essentials would get a free pass for quite a lot).
  21. Unimpossible macrumors member


    Jun 1, 2018
    They should also narrow down the permissions to specifics.
    E.g. when you want to share an image from an app, that app shouldn't have to have read/write/delete permissions to all your storage. Just get permission to upload that one image, that one time.
  22. gwaizai macrumors regular


    Aug 8, 2016
    I'm happy to offer myself up in The Reaping to protect my friends...not!
  23. bluecoast macrumors 65816

    Nov 7, 2017
    Yes indeed, totally. I never thought anything of allowing apps like NS communicator to store my contacts.

    I mean why not? They didn’t have any use for them (and indeed they didn’t in those halcyon days that you describe).

    I now feel so stupid for getting sucked into the hype of first trying out free Web 2.0 Ajax apps around 2004-2007.

    Hey it was all hip, cool and fun - and it was all FREE!

    And so what if I needed to connect my google account to these sites for them to work & give them full access?

    Ditto the wave of apps up till about a few years ago when I started to get a little suspicious.

    They all had cool names, awesome designs, were kinda cool & were probably just trying to get bought up like Instagram.

    They wouldn’t be harvesting my data on the side, would they?

    I mean that would be so square and uncool and these apps were cool - and I was so stupid. I guess most of us were.
  24. Jyby, Jun 12, 2018
    Last edited: Jun 13, 2018

    Jyby macrumors 6502

    May 31, 2011
    I think we need more laws to expand company whistle blowing... Companies shouldn't be able to write silences on human rights abuse into their NDAs. Just like OSHA protects workers, there should be laws (or more incentive?) that protect employees from spilling malpractice at their workplace.
  25. C DM macrumors Sandy Bridge

    Oct 17, 2011
    So you'd basically need to grant permissions each time you want to do something like that? Pretty sure quite a few people would be complaining about that.
