Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Congress Weighs in on iOS Apps Collecting Address Book and Other Personal Data
- Thread starter MacRumors
- Start date
- Sort by reaction score
Google has a complete record of people's emails, voicemails, websurfing habits (remember, with the new "privacy policy" they are indexing your entire web existence if you use their 8.8.8.8 DNS), Google+ friends and interactions, the list is almost endless.
The iOS address book security needs to be address, but it's definitely the low hanging fruit for a much larger privacy issue.
BTW, does anyone know what address book security comes stock in an Android phone?
The iOS address book security needs to be address, but it's definitely the low hanging fruit for a much larger privacy issue.
BTW, does anyone know what address book security comes stock in an Android phone?
This site really should be renamed "iOS - Rumors, News, Controversies, and Everything iPad - Forget everything else"
Slight difference I believe. If I'm using someone's services for my email and contact information - I can pretty much assume - since they are HOSTING that info - they have access to it.
However - this is completely differerent. A private device with personal data which is then being unknowingly uploaded to 3rd parties without consent.
If you don't see the difference, well....
Every application you install on Android gives a full list of permissions before installing it (as does Windows Phone 7).
If you don't want to give a third party access to that info, you simply cancel the installation.
Exactly. Google services have your data if you use them to manage that data by your own choice. They won't start downloading personal data from Android phones without telling users.
----------
Every application you install on Android gives a full list of permissions before installing it (as does Windows Phone 7).
If you don't want to give a third party access to that info, you simply cancel the installation.
If you're on CM, you can also choose which permissions certain apps are allowed.
Best post in the thread. Google is in bed with the Gov, and as well all know now the National mortgage system has absoluetly no flaws...
Path Apologized, corrected the mistake and updated the app. Couldn't imagine if this had happened in any other OS environment, how much worse the privacy loss would have been and at the same time how much less media/political official abuse it would have taken.
Doesn't work
Yeah, because people really pay attention to the fine print.
Most every app is going to ask for some access to some kind of resource on your phone, so this "warning" route is ridiculously stupid. It may seem nice but the reality is it's next to useless. You'd never install anything.
The problem wasn't really that Path was accessing the address book data, is that is was uploading it to their servers and storing it there. That is the big issue and that's what all the hysterical whining is ignoring.
Your Windows app example doesn't address this. It just says the app wants to access something. Well, then, what's it going to do with it? It doesn't say. That's why it's useless. And that's why people will end up saying, "Okay." Just like they do for virus software.
Yeah, because people really pay attention to the fine print.
Most every app is going to ask for some access to some kind of resource on your phone, so this "warning" route is ridiculously stupid. It may seem nice but the reality is it's next to useless. You'd never install anything.
The problem wasn't really that Path was accessing the address book data, is that is was uploading it to their servers and storing it there. That is the big issue and that's what all the hysterical whining is ignoring.
Your Windows app example doesn't address this. It just says the app wants to access something. Well, then, what's it going to do with it? It doesn't say. That's why it's useless. And that's why people will end up saying, "Okay." Just like they do for virus software.
I must admit, I've taken advantage of that feature on a few apps myself. That is a great addition to CyanogenMod. Can't wait for CM9 to hit stable.
When I've owned Android phones in the past, I've always made sure not to install apps which ask for more permissions than they need to do their job properly. For example, I was about to install a music app until I saw it wanted access to my system settings, list of running applications, full internet access, phone identity, GPS location, and a load of other stuff, so I didn't install it. If an App Store app wanted all that, I would have no way to judge whether or not it was necessary.
And again, with CM you can control which permissions apps are allowed to have. Additionally, with DroidWall you can only allow whitelisted apps to access the internet.
Apple likes to keep their users in the dark to make everything look simple, which is fine up to a point, but in these cases it's best to give more information to those who want it.
Android's way may not be ideal but it's probably the only possible one. Besides, your depiction of the situation is totally wrong. Most applications do not really need that many privileges (games etc.). And for those few that do need the privileges you have to do dew diligence ad make sure that you deal with a reputable vendor.
There is nothing wrong with what they did. Their business is to run a social network. A part of which is to connect users.
Do yourself a favor and read this article: http://mattgemmell.com/2012/02/11/hashing-for-privacy-in-social-apps/
If a game has a multiplayer aspect, connecting users with Address Book information is definitely an option.
The problem with the permission model is:
1. The messages themselves are not written to be easily digested
2. People have been conditioned to just click/tap "Ok" or "Install" or "Ok, just leave me alone."
Number two is mainly a result of number one. The result is the same in most cases whether you are asked for permission or not.
I think developers should be granted the entitlements, but still take the step of saying "Hey, can I do this?"
Last edited:
Agreed.
If you are multinational company and screw up billions of dollars, the government gives you a bailout to save the company. But if you are a small company hiring 1-50 people having a rough time you get no assistance and they let you go under.
There is a saying in Australia. The nation is built on the back of small business. Mind you here it's the same, they let small business rot. But at least here they acknowledge it.
And that's the injustice we all have to live with. I say let the free market sort it out. If the multinational companies falter and their board members embezzle money then let the company go under. It will serve them right to do the right thing. Cause at the moment the big companies are rewarded for screwing up. And it sickens me.
Read section 17.1 of the iOS guidelines:
"Warning" users is the current solution by obtaining permission before obtaining data to some extent. In Path's case, they were in breech of the guidelines by not doing it.
Had path added a popup with what they intended to do with your contacts with an accept/deny button, things would be fine.
I bow to no man in my intense dislike and general distrust of, cynicism toward, and general revulsion felt for politicians.
However, in this situation, I don't see the harm in looking into the privacy issue. Granted, the majority of people here on MR are able to protect themselves. But there are a whole lot of folks out there who are not as knowledgeable, and some kind of warning, toggle, opt-out, etc. would help protect the less sophisticated.
I know it's a horrible bother to us know-it-alls, but any privacy protections that can be put in place are welcome, as far as I'm concerned.
However, in this situation, I don't see the harm in looking into the privacy issue. Granted, the majority of people here on MR are able to protect themselves. But there are a whole lot of folks out there who are not as knowledgeable, and some kind of warning, toggle, opt-out, etc. would help protect the less sophisticated.
I know it's a horrible bother to us know-it-alls, but any privacy protections that can be put in place are welcome, as far as I'm concerned.
I wonder why Apple allowed the app in the first place, seeing as they check the code for every single one? Looks like that approach doesn't do much for security after all, it just gives Apple an excuse to keep its users in the dark.
To further...
If apps have to be APPROVED by Apple and Apple has guidelines - then Apple (in my opinion) is just as liable for a breech in security. If you're going to have a TOS - it's up to you (Apple) to enforce it.
After a week of silence, Apple has finally responded to reports that iOS apps like Path and Twitter access user contact data without permission.
“Apps that collect or transmit a user’s contact data without their prior permission are in violation of our guidelines,” Apple spokesman Tom Neumayr told AllThingsD. “We’re working to make this even better for our customers, and as we have done with location services, any app wishing to access contact data will require explicit user approval in a future software release.”
Do you get it? It'll become even better (i.e. implying that you already have it so good)
“Apps that collect or transmit a user’s contact data without their prior permission are in violation of our guidelines,” Apple spokesman Tom Neumayr told AllThingsD. “We’re working to make this even better for our customers, and as we have done with location services, any app wishing to access contact data will require explicit user approval in a future software release.”
Do you get it? It'll become even better (i.e. implying that you already have it so good
)
I think it is PERFECTLY reasonable to have the same system for personal information that iOS has for accessing location.
"This app is requesting access to your ___________"
Allow or Deny?
that blank can be replaced with:
1. Address Book
2. Photos
3. Music Library
4. Location
5. Personal information (includes Notes, Reminders, email and SMS conversations, calendar events, etc.)
If you deny, it can be:
"this app requires you enter __________ or create an account to work, please manually enter your email address in the field below"
So, it's totally feasible. And you can have toggles for it, just like you do for location.
At least apple has an approval process for apps. On Android, this issue is totally rampant... It's disturbing to see it here, too.
EDIT: Regarding this: “Apps that collect or transmit a user’s contact data without their prior permission are in violation of our guidelines,” Apple spokesman Tom Neumayr told AllThingsD. “We’re working to make this even better for our customers, and as we have done with location services, any app wishing to access contact data will require explicit user approval in a future software release.”
I'm GLAD. Good job, Apple. I fully expect this in 5.1
"This app is requesting access to your ___________"
Allow or Deny?
that blank can be replaced with:
1. Address Book
2. Photos
3. Music Library
4. Location
5. Personal information (includes Notes, Reminders, email and SMS conversations, calendar events, etc.)
If you deny, it can be:
"this app requires you enter __________ or create an account to work, please manually enter your email address in the field below"
So, it's totally feasible. And you can have toggles for it, just like you do for location.
At least apple has an approval process for apps. On Android, this issue is totally rampant... It's disturbing to see it here, too.
EDIT: Regarding this: “Apps that collect or transmit a user’s contact data without their prior permission are in violation of our guidelines,” Apple spokesman Tom Neumayr told AllThingsD. “We’re working to make this even better for our customers, and as we have done with location services, any app wishing to access contact data will require explicit user approval in a future software release.”
I'm GLAD. Good job, Apple. I fully expect this in 5.1