App seems to ignore iOS Privacy setting

Posted in iPhone, edited October 2014

I've assumed that iOS enforces its Privacy settings, but now it appears that it might not: Fantastical 2 displays one of my calendars even though its iOS Privacy setting for Calendars is set to Off (i.e., deny access). The calendar is sync'd with a CalDAV server (I also have calendars that are sync'd with iTunes, and they are hidden as expected). 

 

I first observed this behavior with Fantastical 2 v2.1.4 on iOS 8.0.2. The misbehavior persisted when I updated Fantastical 2 to v2.2, and when I updated iOS to v8.1. I'm using an iPhone 5S.

 

Recap: When Fantastical 2's iOS Privacy settings are:

 - Calendars=Off, Reminders=On: Fantastical 2 does not behave as expected (displays a CalDAV calendar, and all reminders; should display only reminders)

 - Calendars=On, Reminders=Off: Fantastical 2 behaves as expected (displays all calendars, no reminders)

 - Calendars=On, Reminders=On: Fantastical 2 behaves as expected (displays all calendars and reminders)

 - Calendars=Off, Reminders=Off: Fantastical 2 behaves as expected (does not display any calendars or reminders)

 

I would like to ask two questions:

 

1. Has anyone else observed this behavior in Fantastical 2?

 

2. Has anyone observed other apps gaining access that should be denied by iOS Privacy settings?

Comments

  • Reply 1 of 2

    I should have mentioned earlier that: 

     - I configured access to my CalDAV calendar this way: Settings > Mail, Contacts, Calendars > Add Account > Other > Add CalDAV Account. (I'm not using iCloud.)

     - My reminders come from that CalDAV account.

     - iOS's Calendar and Reminders apps behave as expected: data appears only as expected, with no duplicates.

     - The Apple iOS Developer Library suggests that calendar and reminder data are accessed through different requests for events vs reminders (even though they are stored in the same database). So it appears that the framework is designed to let iOS enforce separate Privacy settings for Calendars vs Reminders.



    Fantastical 2 would have no way of connecting to my CalDAV calendar without getting the connection information from iOS. So regardless of whether the app is connecting to the Event Store or connecting to the CalDAV calendar directly, I guess that iOS doesn't enforce Privacy settings, but instead expects apps to respect them - does that seem accurate?



    I guess I should contact Fantastical's developer, but I'm still wondering whether I should contact Apple - i.e., should iOS permit this?

  • Reply 2 of 2
    gatorguy Posts: 24,213 member
    beegee wrote:
    Fantastical 2 would have no way of connecting to my CalDAV calendar without getting the connection information from iOS. So regardless of whether the app is connecting to the Event Store or connecting to the CalDAV calendar directly, I guess that iOS doesn't enforce Privacy settings, but instead expects apps to respect them - does that seem accurate?

    There is an expectation that developers operate ethically and disclose the permissions you're granting when their app is installed. Unfortunately it's not all that rare for apps to harvest information unrelated to functions, and worse, sometimes not disclose it. One recent report said 85% of mobile apps either fail to disclose or require access to data they don't need.

    If you're interested in the developers' responsibilities, there's an Apple doc here.

    https://developer.apple.com/library/ios/documentation/iPhone/Conceptual/iPhoneOSProgrammingGuide/iPhoneAppProgrammingGuide.pdf