Can Apps that we download from the App Store access personal info on our iPhones?

[Rybold]

For the past six weeks that I have had my iPhone3G, I have not downloaded any Apps. Just now I downloaded three Apps from iTunes App Store, and as I browsed more and more Apps, I started thinking ... Third-party developers design these Apps and all Apple does is distribute them ... is the personal info on my iPhone vulnerable to "uploading" by Apps?

(if there is already a thread on this, I couldn't find it. feel free to post a link and point me in the right direction)

 

[robbieduncan]

They can read/write the address book but that's it. Call histories, SMS etc cannot be accessed. Apple should be ensuring that apps don't do anything they shouldn't with the data they do access as well...

 

[hellomoto4]

all Apple does is distribute them ..

Don't forget they check them before distributing.

 

[b00st3d]

Don't forget they check them before distributing.

if they check them before distributing, then why do some apps get pulled after they have already been released?!

as to the original poster, this is the reason i do not use any of the 3rd party password apps. how do i know the apps dont send my personal info/passwords back to the developer!

 

[Small White Car]

I started thinking ... Third-party developers design these Apps and all Apple does is distribute them ... is the personal info on my iPhone vulnerable to "uploading" by Apps?

Yeah, it's possible.

But I hope you don't have any software on your computer. Because you have even LESS assurance that those are safe than you do with iPhone apps.

 

[BergerFan]

At the March 6 event, where they announced the 2.0 software and the App Store, Steve said that malicious apps won't get into the Store. One hopes that this is true.
I recall there was some security concerns (not sure exactly what they were) over the free App Store game Aurora Feint, which was pulled, then re-added once those issues were sorted out by the developers.

 

[dancavallaro]

as to the original poster, this is the reason i do not use any of the 3rd party password apps. how do i know the apps dont send my personal info/passwords back to the developer!

This is just a guess, but I'd bet that part of the testing Apple does before approving an app is inspecting any packets that it sends out, to make sure it's not sending information it shouldn't be.

 

[Rybold]

software on your computer.

Yikes! I didn't even think about that. An innocent-seeming App that has a hidden code that accesses your computer when your phone is synced, and installs spyware and keystroke logger!
...and installs a porn blocker! Oh no! Not a porn blocker!

 

[AppleMatt]

If I remember correctly, Aura Feint sent details of your contacts to their servers if you played it online (without telling you). I think they did this for a legitimate reason, like seeing if your friends were playing at the same time.

They chopped and changed how it worked, but eventually just pulled the feature and now it doesn't access your address book whatsoever.

AppleMatt

 

[b00st3d]

This is just a guess, but I'd bet that part of the testing Apple does before approving an app is inspecting any packets that it sends out, to make sure it's not sending information it shouldn't be.

again, their testing department has been known to let apps through only to pull them weeks later! so for those few weeks, my data has just been stored on some server somewhere! i could just be paranoid though, but I was trustful with my blackberry password keeper app, because it was written by RIM and comes with the device.