You buy an app and install it. Later after opening it up you find that the crossword app you purchased wants to upload your location along with your contacts. NO WAY you say, but the developer at least has your money now if Apple were to choose to notify you of permissions only after you bought and paid for an app. What about that makes sense to you?
I already granted (a few posts up) that it would be OK for a list of permissions to be displayed at the time you install the app. But that is just a start; it's not enough. That's where my idea comes into play.
And if you have the ability to decide that the App doesn't have any legitimate use for some pieces of data to complete its designated task, and you are given the option to stuff the app full of fake data to allow it to continue running, then you can continue to run the app, making use of all the features you wanted (and were willing to pay for), without giving up any personal information you don't want the App author to have access to. So where's the problem?
I already granted (a few posts up) that it would be OK for a list of permissions to be displayed at the time you install the app. But that is just a start; it's not enough. That's where my idea comes into play.
And if you have the ability to decide that the App doesn't have any legitimate use for some pieces of data to complete its designated task, and you are given the option to stuff the app full of fake data to allow it to continue running, then you can continue to run the app, making use of all the features you wanted (and were willing to pay for), without giving up any personal information you don't want the App author to have access to. So where's the problem?
The problem is there is always a workaround and the thing we should be focusing is education. Nerd solution is not a solution that will work for general population.
I already granted (a few posts up) that it would be OK for a list of permissions to be displayed at the time you install the app. But that is just a start; it's not enough. That's where my idea comes into play.
And if you have the ability to decide that the App doesn't have any legitimate use for some pieces of data to complete its designated task, and you are given the option to stuff the app full of fake data to allow it to continue running, then you can continue to run the app, making use of all the features you wanted (and were willing to pay for), without giving up any personal information you don't want the App author to have access to. So where's the problem?
In addition to the list of permissions prior to purchase and install? Nothing really I suppose since some users would find it advantageous. Had you not said "that's not what I want" we probably wouldn't need the last dozen or so posts.
Note that you'll also see some number of users that vociferously complain about having to repeatedly give permission or get popups when they use the app. Probably no way to make everyone happy.
If you think applications from the official App Store are less likely to surreptitiously upload users' data than Cydia apps for jailbroken devices, a new study says you may be mistaken.
From 9to5mac, without further comment:
"...Cydia apps leaked private data less than apps available on the iTunes App Store."
If you think applications from the official App Store are less likely to surreptitiously upload users' data than Cydia apps for jailbroken devices, a new study says you may be mistaken.
From 9to5mac, without further comment:
"...Cydia apps leaked private data less than apps available on the iTunes App Store."
Whoa, I think this is dangerous. It would be a hacker's dream to get everyone to go jailbreak their phones in the name of "security". Right now there is a niche group of savy developers writing Cydia apps and most (or all) of those have legitimate uses because so few people do jailbreak (a least relative to those who do not). Also, I would say most of those people are more savy and paranoid/careful anyway. So, I would have to say the results are skewed.
The average person is probably unaware of the trouble they could get into if they jailbreak their phone. Whether it be the security concern, voiding their warranty, or accidentally bricking your phone and having no idea how to get it back.
Yeah no one will like this because it suggest mimicking Android (with some slight alterations). I don't get why people so strongly criticize the Android model when the current popups feel out of place to me and seem to be like UA in Windows Vista.
I think they could do something with icons so you could clearly see what an app needed permissions for. You could clearly show them in the app store. For instance, cross hair for location, calendar for calendar, envelope for SMS, etc. If that info was available in the App Store, you could even hide apps that want access to certain information from (perhaps you would even have to opt in for certain permissions).
The permissions would also be presented on install (or first run) as well. As long as it is very visual instead of a laundry list of permissions, I think it would grab people's attention.
And this might allow Apple to open the API a little more by making certain apps hidden unless you opt-in to see the apps that request those higher level permissions. As long as it is all visual and concise, I think people could follow it.
So how can I lock down my contacts to make sure no app is accessing them?
If an app I installed got MY contacts without permission, that's a serious problem for me (and my clients). So the upshot is I can't have them on my phone AFAIK. At least when considering a cloud storage service like Google or Dropbox or whatever I can look at their privacy terms to determine if I can legally use them. With this development I was rather blindsided by Apple. Yeah, I know I shouldn't have trusted them. Ironically, my bosses could install stuff so we could brick the phone if it's stolen, but we can't prevent one of Apple's big shot developers from stealing the info on the phone. Great. And another irony: can you imagine the hoo-rah from Cupertino when a website gets Apple's confidential info?
Sometimes I wonder if companies like Apple have any awareness of what people who do real work with their products want and need.
So how can I lock down my contacts to make sure no app is accessing them?
If an app I installed got MY contacts without permission, that's a serious problem for me (and my clients). So the upshot is I can't have them on my phone AFAIK. At least when considering a cloud storage service like Google or Dropbox or whatever I can look at their privacy terms to determine if I can legally use them. With this development I was rather blindsided by Apple. Yeah, I know I shouldn't have trusted them. Ironically, my bosses could install stuff so we could brick the phone if it's stolen, but we can't prevent one of Apple's big shot developers from stealing the info on the phone. Great. And another irony: can you imagine the hoo-rah from Cupertino when a website gets Apple's confidential info?
Sometimes I wonder if companies like Apple have any awareness of what people who do real work with their products want and need.
Rob
You are absolutely correct. If you are contractually bound to keep certain information private, and you also keep that information on your iPhone, then the only possible solutions are:
1) Remove all such information from your phone, or
2) Do not install any 3rd party Apps on your phone at all, because it is impossible for you to know for sure that any of them might be breaking the rules without informing you.
Perhaps you will have additional options after Apple makes its next round of iOS firmware revisions. But for now, it's either one or the other.
It looks like Apple and others like Google and MS were pressured by California into an agreement to be more forthcoming on app permissions and privacy.
"California Attorney General Kamala D. Harris announced today an agreement with Apple and five other tech companies including Google, Amazon, HP, RIM, and Microsoft, that will see all companies implementing new standards for displaying privacy policies for apps that collect personal data. The press release described the agreement:
The agreement with the platforms is designed to ensure that mobile apps comply with the California Online Privacy Protection Act. The Act requires operators of commercial web sites and online services, including mobile apps, who collect personally identifiable information about Californians to conspicuously post a privacy policy.
The new agreement will force Apple and the other companies to implement a method of displaying a privacy policy to the user before an app is downloaded.
While this is good news it's plugging a small leak in a dam while the water gushes from many other places. Many sync their address books between Mac and Windows with every app we install having access to our data.
You mean going backwards? Because having a list over 20 items an app may access that appears when you install the app isn't sensible and therefore isn't security.
While you may take heed that a wallpaper app is trying to get access to your contacts most people just click through confusing and technical lists.
I'll be curious how Apple displays the permissions. According to Apple's Security section of the iOS6 release notes (courtesy of 9to5):
"In iOS 6, the system now protects Calendars, Reminders, Contacts, and Photos as part of Apple’s data isolation privacy initiative.
Users will see access dialogs when an app tries to access any of those data types. The user can switch access on and off in Settings > Privacy.
There are APIs available to allow developers to set a “purpose” string that is displayed to users to help them understand why their data is being requested."
It sounds as tho it's almost identical to Android's permission model, with the added ability to selectively disable access?
Comments
You buy an app and install it. Later after opening it up you find that the crossword app you purchased wants to upload your location along with your contacts. NO WAY you say, but the developer at least has your money now if Apple were to choose to notify you of permissions only after you bought and paid for an app. What about that makes sense to you?
I already granted (a few posts up) that it would be OK for a list of permissions to be displayed at the time you install the app. But that is just a start; it's not enough. That's where my idea comes into play.
And if you have the ability to decide that the App doesn't have any legitimate use for some pieces of data to complete its designated task, and you are given the option to stuff the app full of fake data to allow it to continue running, then you can continue to run the app, making use of all the features you wanted (and were willing to pay for), without giving up any personal information you don't want the App author to have access to. So where's the problem?
I already granted (a few posts up) that it would be OK for a list of permissions to be displayed at the time you install the app. But that is just a start; it's not enough. That's where my idea comes into play.
And if you have the ability to decide that the App doesn't have any legitimate use for some pieces of data to complete its designated task, and you are given the option to stuff the app full of fake data to allow it to continue running, then you can continue to run the app, making use of all the features you wanted (and were willing to pay for), without giving up any personal information you don't want the App author to have access to. So where's the problem?
The problem is there is always a workaround and the thing we should be focusing is education. Nerd solution is not a solution that will work for general population.
I already granted (a few posts up) that it would be OK for a list of permissions to be displayed at the time you install the app. But that is just a start; it's not enough. That's where my idea comes into play.
And if you have the ability to decide that the App doesn't have any legitimate use for some pieces of data to complete its designated task, and you are given the option to stuff the app full of fake data to allow it to continue running, then you can continue to run the app, making use of all the features you wanted (and were willing to pay for), without giving up any personal information you don't want the App author to have access to. So where's the problem?
In addition to the list of permissions prior to purchase and install? Nothing really I suppose since some users would find it advantageous. Had you not said "that's not what I want" we probably wouldn't need the last dozen or so posts.
Note that you'll also see some number of users that vociferously complain about having to repeatedly give permission or get popups when they use the app. Probably no way to make everyone happy.
From 9to5mac, without further comment:
"...Cydia apps leaked private data less than apps available on the iTunes App Store."
http://9to5mac.com/2012/02/15/study-...s/#more-138620
If you think applications from the official App Store are less likely to surreptitiously upload users' data than Cydia apps for jailbroken devices, a new study says you may be mistaken.
From 9to5mac, without further comment:
"...Cydia apps leaked private data less than apps available on the iTunes App Store."
http://9to5mac.com/2012/02/15/study-...s/#more-138620
Whoa, I think this is dangerous. It would be a hacker's dream to get everyone to go jailbreak their phones in the name of "security". Right now there is a niche group of savy developers writing Cydia apps and most (or all) of those have legitimate uses because so few people do jailbreak (a least relative to those who do not). Also, I would say most of those people are more savy and paranoid/careful anyway. So, I would have to say the results are skewed.
The average person is probably unaware of the trouble they could get into if they jailbreak their phone. Whether it be the security concern, voiding their warranty, or accidentally bricking your phone and having no idea how to get it back.
http://arstechnica.com/apple/news/20...n-security.ars
ArsTechnica has a well-written article with good advice IMO. Worth the read.
http://arstechnica.com/apple/news/20...n-security.ars
Yeah no one will like this because it suggest mimicking Android (with some slight alterations). I don't get why people so strongly criticize the Android model when the current popups feel out of place to me and seem to be like UA in Windows Vista.
I think they could do something with icons so you could clearly see what an app needed permissions for. You could clearly show them in the app store. For instance, cross hair for location, calendar for calendar, envelope for SMS, etc. If that info was available in the App Store, you could even hide apps that want access to certain information from (perhaps you would even have to opt in for certain permissions).
The permissions would also be presented on install (or first run) as well. As long as it is very visual instead of a laundry list of permissions, I think it would grab people's attention.
And this might allow Apple to open the API a little more by making certain apps hidden unless you opt-in to see the apps that request those higher level permissions. As long as it is all visual and concise, I think people could follow it.
If an app I installed got MY contacts without permission, that's a serious problem for me (and my clients). So the upshot is I can't have them on my phone AFAIK. At least when considering a cloud storage service like Google or Dropbox or whatever I can look at their privacy terms to determine if I can legally use them. With this development I was rather blindsided by Apple. Yeah, I know I shouldn't have trusted them. Ironically, my bosses could install stuff so we could brick the phone if it's stolen, but we can't prevent one of Apple's big shot developers from stealing the info on the phone. Great. And another irony: can you imagine the hoo-rah from Cupertino when a website gets Apple's confidential info?
Sometimes I wonder if companies like Apple have any awareness of what people who do real work with their products want and need.
Rob
So how can I lock down my contacts to make sure no app is accessing them?
If an app I installed got MY contacts without permission, that's a serious problem for me (and my clients). So the upshot is I can't have them on my phone AFAIK. At least when considering a cloud storage service like Google or Dropbox or whatever I can look at their privacy terms to determine if I can legally use them. With this development I was rather blindsided by Apple. Yeah, I know I shouldn't have trusted them. Ironically, my bosses could install stuff so we could brick the phone if it's stolen, but we can't prevent one of Apple's big shot developers from stealing the info on the phone. Great. And another irony: can you imagine the hoo-rah from Cupertino when a website gets Apple's confidential info?
Sometimes I wonder if companies like Apple have any awareness of what people who do real work with their products want and need.
Rob
You are absolutely correct. If you are contractually bound to keep certain information private, and you also keep that information on your iPhone, then the only possible solutions are:
1) Remove all such information from your phone, or
2) Do not install any 3rd party Apps on your phone at all, because it is impossible for you to know for sure that any of them might be breaking the rules without informing you.
Perhaps you will have additional options after Apple makes its next round of iOS firmware revisions. But for now, it's either one or the other.
http://9to5mac.com/2012/02/22/apple-...r-mobile-apps/
"California Attorney General Kamala D. Harris announced today an agreement with Apple and five other tech companies including Google, Amazon, HP, RIM, and Microsoft, that will see all companies implementing new standards for displaying privacy policies for apps that collect personal data. The press release described the agreement:
The agreement with the platforms is designed to ensure that mobile apps comply with the California Online Privacy Protection Act. The Act requires operators of commercial web sites and online services, including mobile apps, who collect personally identifiable information about Californians to conspicuously post a privacy policy.
The new agreement will force Apple and the other companies to implement a method of displaying a privacy policy to the user before an app is downloaded.
Sounds like Vista for iOS
what about the battery issue in iPhone 4S? I think it should be done on priority basis.
Quote:
Originally Posted by SolipsismX
While this is good news it's plugging a small leak in a dam while the water gushes from many other places. Many sync their address books between Mac and Windows with every app we install having access to our data.
You mean going backwards? Because having a list over 20 items an app may access that appears when you install the app isn't sensible and therefore isn't security. While you may take heed that a wallpaper app is trying to get access to your contacts most people just click through confusing and technical lists.
I'll be curious how Apple displays the permissions. According to Apple's Security section of the iOS6 release notes (courtesy of 9to5):
"In iOS 6, the system now protects Calendars, Reminders, Contacts, and Photos as part of Apple’s data isolation privacy initiative.
Users will see access dialogs when an app tries to access any of those data types. The user can switch access on and off in Settings > Privacy.
There are APIs available to allow developers to set a “purpose” string that is displayed to users to help them understand why their data is being requested."
It sounds as tho it's almost identical to Android's permission model, with the added ability to selectively disable access?