Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Path app uploads users' address book to their servers. Why didn't Apple catch this?

Should Apple protect customers from apps that try to access their address book?

  • Yes.

    Votes: 17 73.9%

  • No, the current policy is fine.

    Votes: 6 26.1%
  • Total voters
    23
Calidude

Calidude

macrumors 68000
Original poster
Jun 22, 2010
1,730
0
Came across this today.

Seems that this social media company has been downloading their user's entire address books to their servers without asking the user's permission, and the CEO of this company admitted this was the case.

http://9to5mac.com/2012/02/07/fyi-path-uploads-your-iphones-entire-address-book-to-their-servers/

According to Apple's T&C's:

17.1: Apps cannot transmit data about a user without obtaining the user's prior permission and providing the user with access to information about how and where the data will be used

17.2: Apps that require users to share personal information, such as email address and date of birth, in order to function will be rejected
Click to expand...
Now, how was Path able to download people's entire address book to their servers if Apple were enforcing these conditions?

We realize that apps like Whatsapp use your address book and phone number to function the way they are supposed to, but apps like Path never mention they will keep your address book on their servers.

If Apple is doing their job vetting these apps, why would they let an app get away with downloading address book information to their servers without consent since Nov 15th, 2010 when the app was introduced?
 
Last edited:
Lucky I don't have any friends and my sole addressee, my elderly mother, clicks on anything and everything anyway. Her 3 year old 10.5 install is still fine.

That certainly wouldn't be the case if she had a jail broken device. It seems to me to be beside the point having an apple device and using it outside the walled garden. (since you mention it)

But yeah, it sucks that people's information is being stolen. On a a completely unrelated note, how I can unfriend somebody from Facebook? I signed up the other month to get a cheap app and clicked on my teenage niece's picture on the side bar. I feel a bit creepy getting all her friends showing on my page when I check out some friend request, from some 3rd world hopeful, in the vain hope that it will be some amazonian nymphet that seriously wants to jump me.

Maybe I should contact this developer to see if he'll sell me a list of said amazons.
 
Should Apple protect customers from apps that try to access their address book?
  • Yes.
  • No, the current policy is fine.
Click to expand...

Wrongly worded since BOTH answers are correct. The policy is fine, Apple should just be doing more to make sure it's upheld.
 
quasinormal said:
Lucky I don't have any friends and my sole addressee, my elderly mother, clicks on anything and everything anyway. Her 3 year old 10.5 install is still fine.

That certainly wouldn't be the case if she had a jail broken device. It seems to me to be beside the point having an apple device and using it outside the walled garden. (since you mention it)

But yeah, it sucks that people's information is being stolen. On a a completely unrelated note, how I can unfriend somebody from Facebook? I signed up the other month to get a cheap app and clicked on my teenage niece's picture on the side bar. I feel a bit creepy getting all her friends showing on my page when I check out some friend request, from some 3rd world hopeful, in the vain hope that it will be some amazonian nymphet that seriously wants to jump me.

Maybe I should contact this developer to see if he'll sell me a list of said amazons.
Click to expand...
What kind of medication are you on?

----------
cyks said:
Wrongly worded since BOTH answers are correct. The policy is fine, Apple should just be doing more to make sure it's upheld.
Click to expand...
Good point. Wish I could edit my poll. I didn't find the T&C's until after I made it.
 
As bad as Android is overall for security, with repeated bouts of malware gone wild in the Marketplace, it does have a better system for this sort of thing. There is a compartmentalized permissions system that iOS lacks. There should be popups similar to the one we get for gelocation access for access to sensitive data.

If an application wants to use your address book, it should pop up a warning the first time, and it should be possible to later deny that access.

What is scary is that these breaches have only been discovered because the app was sending the data in cleartext, and so it was possible to detect. If it had been sent using SSL, there would be no way to know.

Of course Apple can detect during testing if the address book is being accessed. They could at least then insure that this is disclosed on the app page and in-app. But a permissions system would be better.

I think if an app is accessing the address book and also making SSL connections, then Apple should demand that the developer pinky-swear that they aren't sending address book data to a server without disclosure.

I do not understand why unfettered access to the contact list has never seemed to bother iPhone users. To me, this is AT LEAST as potentially damaging as location information.
 
Wirelessly posted (Mozilla/5.0 (iPhone; CPU iPhone OS 5_0_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9A405 Safari/7534.48.3)

It looks like they just updated the app to remove it
 
Calidude said:
I'm not sure why Apple didn't ban their app for breaking their T&C's.
Click to expand...

aaand to me, contacts must be one of the most protected piece of user data on any cellphone OS. NOT your songs, NOT your videos. they stole the veryy private data of their users without notifying them, APOLOGY NOT ENOUGH!!
 
Calidude said:
What kind of medication are you on?......
Click to expand...

Ha Ha. Well spotted. :D

Good old nicotine. I recently stopped sucking 30-40 strong German fags a day by substituting them with nicotine patches and I get just a tiny bit high from them about 30 minutes after putting a couple on. Other than that I'm just happy, especially after seeing the light again from the black abyss that has been my life for the last 6 months following the sudden death of my beloved father. I was actually offered anti depressants from a GP when I saw him a while back about for multiple medical issues that resulted from not eating and abusing a cornucopia of illicit and legal, but socially acceptable drugs, but I refused after having seen what they have done to other people. No kool aid for me thank you very much. It seems ridiculous to me to be medicated for what is essentially existential angst. I've just got to ween myself off the patches, stop drinking coffee and then I'll be completely clean like I was before my father's death. I am a very strong believer of Albert Schwietser's maxim " The secret of happiness is good health and a bad memory"

I do really do appreciate your expression of concern. By the way, is that Steve holding up a jug of Kool Aid in your avatar? I can see by your drollness that you are no fan of the straightjacket of conformity either.
 
This kind of privacy violation is one of the reason I do not trust Android - Google's only interest in it is to collect data about you. If that is used simply to provide better advertising, then I suppose it's OK. However, it worries me when I think of what could done with my data if it were in the wrong hands....

In any case, this sort of thing should be illegal - indeed, isn't illegal in the EU to grab somebody's information without their informed consent?
 
Worried?

Too late...

If you're using the web - no matter if it's Google, Apple, Microsoft, or any App, you're info is captured.

Welcome to life, circa 2012 :eek:
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back