Path app uploads users' address book to their servers. Why didn't Apple catch this?

Discussion in 'iPhone' started by Calidude, Feb 7, 2012.

?

Should Apple protect customers from apps that try to access their address book?

  1. Yes.

    17 vote(s)
    73.9%
  2. No, the current policy is fine.

    6 vote(s)
    26.1%
  1. Calidude, Feb 7, 2012
    Last edited: Feb 7, 2012

    Calidude macrumors 68000

    Calidude

    Joined:
    Jun 22, 2010
    #1
    Came across this today.

    Seems that this social media company has been downloading their user's entire address books to their servers without asking the user's permission, and the CEO of this company admitted this was the case.

    http://9to5mac.com/2012/02/07/fyi-path-uploads-your-iphones-entire-address-book-to-their-servers/

    According to Apple's T&C's:

    Now, how was Path able to download people's entire address book to their servers if Apple were enforcing these conditions?

    We realize that apps like Whatsapp use your address book and phone number to function the way they are supposed to, but apps like Path never mention they will keep your address book on their servers.

    If Apple is doing their job vetting these apps, why would they let an app get away with downloading address book information to their servers without consent since Nov 15th, 2010 when the app was introduced?
     
  2. Calidude thread starter macrumors 68000

    Calidude

    Joined:
    Jun 22, 2010
    #2
  3. quasinormal macrumors 6502a

    Joined:
    Oct 26, 2007
    Location:
    Sydney, Australia.
    #3
    Lucky I don't have any friends and my sole addressee, my elderly mother, clicks on anything and everything anyway. Her 3 year old 10.5 install is still fine.

    That certainly wouldn't be the case if she had a jail broken device. It seems to me to be beside the point having an apple device and using it outside the walled garden. (since you mention it)

    But yeah, it sucks that people's information is being stolen. On a a completely unrelated note, how I can unfriend somebody from Facebook? I signed up the other month to get a cheap app and clicked on my teenage niece's picture on the side bar. I feel a bit creepy getting all her friends showing on my page when I check out some friend request, from some 3rd world hopeful, in the vain hope that it will be some amazonian nymphet that seriously wants to jump me.

    Maybe I should contact this developer to see if he'll sell me a list of said amazons.
     
  4. Daveoc64 macrumors 601

    Joined:
    Jan 16, 2008
    Location:
    Bristol, UK
    #4
    You can find many examples of Apps that break the App Store Guidelines.

    I don't see why people are shocked.
     
  5. cyks macrumors 68020

    cyks

    Joined:
    Jul 24, 2002
    Location:
    Westchester County, NY
    #5
    Wrongly worded since BOTH answers are correct. The policy is fine, Apple should just be doing more to make sure it's upheld.
     
  6. Calidude thread starter macrumors 68000

    Calidude

    Joined:
    Jun 22, 2010
    #6
    What kind of medication are you on?

    ----------

    Good point. Wish I could edit my poll. I didn't find the T&C's until after I made it.
     
  7. jtara macrumors 65816

    Joined:
    Mar 23, 2009
    #7
    As bad as Android is overall for security, with repeated bouts of malware gone wild in the Marketplace, it does have a better system for this sort of thing. There is a compartmentalized permissions system that iOS lacks. There should be popups similar to the one we get for gelocation access for access to sensitive data.

    If an application wants to use your address book, it should pop up a warning the first time, and it should be possible to later deny that access.

    What is scary is that these breaches have only been discovered because the app was sending the data in cleartext, and so it was possible to detect. If it had been sent using SSL, there would be no way to know.

    Of course Apple can detect during testing if the address book is being accessed. They could at least then insure that this is disclosed on the app page and in-app. But a permissions system would be better.

    I think if an app is accessing the address book and also making SSL connections, then Apple should demand that the developer pinky-swear that they aren't sending address book data to a server without disclosure.

    I do not understand why unfettered access to the contact list has never seemed to bother iPhone users. To me, this is AT LEAST as potentially damaging as location information.
     
  8. bri1212 macrumors 6502

    Joined:
    Feb 1, 2008
    #9
  9. BrandonZ macrumors 6502

    Joined:
    Jul 22, 2008
    #10
    Wirelessly posted (Mozilla/5.0 (iPhone; CPU iPhone OS 5_0_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9A405 Safari/7534.48.3)

    It looks like they just updated the app to remove it
     
  10. Calidude thread starter macrumors 68000

    Calidude

    Joined:
    Jun 22, 2010
    #11
    I'm not sure why Apple didn't ban their app for breaking their T&C's.
     
  11. hakuna-matata macrumors 6502

    Joined:
    Sep 25, 2011
    #12
    aaand to me, contacts must be one of the most protected piece of user data on any cellphone OS. NOT your songs, NOT your videos. they stole the veryy private data of their users without notifying them, APOLOGY NOT ENOUGH!!
     
  12. ucfgrad93 macrumors P6

    ucfgrad93

    Joined:
    Aug 17, 2007
    Location:
    Colorado
    #13
    Agreed. I won't download it either.
     
  13. Calidude thread starter macrumors 68000

    Calidude

    Joined:
    Jun 22, 2010
    #14
    Like we need any more social media trash on our phones in the first place.
     
  14. ucfgrad93 macrumors P6

    ucfgrad93

    Joined:
    Aug 17, 2007
    Location:
    Colorado
    #15
    Agreed.
     
  15. quasinormal macrumors 6502a

    Joined:
    Oct 26, 2007
    Location:
    Sydney, Australia.
    #16
    Ha Ha. Well spotted. :D

    Good old nicotine. I recently stopped sucking 30-40 strong German fags a day by substituting them with nicotine patches and I get just a tiny bit high from them about 30 minutes after putting a couple on. Other than that I'm just happy, especially after seeing the light again from the black abyss that has been my life for the last 6 months following the sudden death of my beloved father. I was actually offered anti depressants from a GP when I saw him a while back about for multiple medical issues that resulted from not eating and abusing a cornucopia of illicit and legal, but socially acceptable drugs, but I refused after having seen what they have done to other people. No kool aid for me thank you very much. It seems ridiculous to me to be medicated for what is essentially existential angst. I've just got to ween myself off the patches, stop drinking coffee and then I'll be completely clean like I was before my father's death. I am a very strong believer of Albert Schwietser's maxim " The secret of happiness is good health and a bad memory"

    I do really do appreciate your expression of concern. By the way, is that Steve holding up a jug of Kool Aid in your avatar? I can see by your drollness that you are no fan of the straightjacket of conformity either.
     
  16. VulchR macrumors 68020

    VulchR

    Joined:
    Jun 8, 2009
    Location:
    Scotland
    #17
    This kind of privacy violation is one of the reason I do not trust Android - Google's only interest in it is to collect data about you. If that is used simply to provide better advertising, then I suppose it's OK. However, it worries me when I think of what could done with my data if it were in the wrong hands....

    In any case, this sort of thing should be illegal - indeed, isn't illegal in the EU to grab somebody's information without their informed consent?
     
  17. alesley03 macrumors newbie

    Joined:
    Feb 9, 2012
    #18
  18. ixodes macrumors 601

    ixodes

    Joined:
    Jan 11, 2012
    Location:
    Pacific Coast, USA
    #19
    Worried?

    Too late...

    If you're using the web - no matter if it's Google, Apple, Microsoft, or any App, you're info is captured.

    Welcome to life, circa 2012 :eek:
     

Share This Page