Apple will update iOS to require user permission for apps to access contact data

Posted in iPhone, edited January 2014


Apple on Wednesday announced a future update to iOS will restrict App Store software from accessing a user's address book without their permission.



"Apps that collect or transmit a user's contact data without their prior permission are in violation of our guidelines," Apple spokesman Tom Neumayr said in a statement to AllThingsD. "We’re working to make this even better for our customers, and as we have done with location services, any app wishing to access contact data will require explicit user approval in a future software release."



The official statement came quickly after two U.S. congressmen sent a letter to Apple Chief Executive Tim Cook, asking for more information about Apple's security and privacy policies on the iPhone. The controversy stems from an iPhone social networking application, "Path," which was discovered to be uploading users' address book data to the company's servers without user authorization.



For its part, Path issued an apology and gave users the option to opt out, stating that the data was being used to streamline the application's "Add Friends" feature. But Apple, in its official comment on Wednesday, made it clear that the actions taken by Path are in violation of its iOS developer guidelines.



Reps. G.K. Butterfield (D-N.C.) and Henry A. Waxman (D-Calif.) issued the letter to Cook on Wednesday, questioning whether Apple's iOS application developer policies and practices adequately protect consumer privacy. Apple's official response came mere hours after the letter was made public.











The events share some similarities with last year's location database controversy, in which members of the U.S. government demanded answers from Apple about a file found hidden in the iPhone operating system that kept an extensive log of location data. Apple said the crowd-sourced data, which represented cellular towers and Wi-Fi hotspots pinged by the iPhone, was intended to give users faster response times when using location-based services.



That controversy quickly became a non-issue when Apple issued an iOS software update, which reduced the size and scope of the database file, and gave users the ability to delete it by turning off location services on their iPhone.




Comments

  • solipsismx Posts: 19,566 member
    It's about bloody time as this issue has been in the media for several minutes now¡
  • tbsteph Posts: 62 member
    Where's Franken on this issue! I'm stunned Waxman et al, were the first in Congress to query Apple on addressbookgate.
  • thataveragejoe Posts: 830 member
    See? Problem solved simply enough.
  • mac_dog Posts: 459 member
    when the path debacle arose, my first thought is that software companies should allow their users to 'opt-in' when they want to harvest information, rather than the opposite.



    this is awesome!
  • gatorguy Posts: 14,322 member
    Quote:
    Originally Posted by SolipsismX View Post


    It's about bloody time as this issue has been in the media for several minutes now¡



    Getting ever closer to Android's permission-based app model. . .
  • baka-dubbs Posts: 82 member
    Quote:
    Originally Posted by AppleInsider View Post


    The events share some similarities with last year's location database controversy, in which members of the U.S. government demanded answers from Apple about a file found hidden in the iPhone operating system that kept an extensive log of location data. Apple said the crowd-sourced data, which represented cellular towers and Wi-Fi hotspots pinged by the iPhone, was intended to give users faster response times when using location-based services.



    I really don't think it has many similarities at all. The prior issue was simply a file on your phone that was storing location data, I don't think third parties really had access to it. This is all your contact information loaded onto a third party server without your permission.
  • obama Posts: 62 member
    Quote:
    Originally Posted by thataveragejoe View Post


    See? Problem solved simply enough.



    You all have me to thank for this.
  • solipsismx Posts: 19,566 member
    Quote:
    Originally Posted by mac_dog View Post


    when the path debacle arose, my first thought is that software companies should allow their users to 'opt-in' when they want to harvest information, rather than the opposite.



    this is awesome!



    While this is good news it's plugging a small leak in a dam while the water gushes from many other places. Many sync their address books between Mac and Windows with every app we install having access to our data.





    Quote:
    Originally Posted by Gatorguy View Post


    Getting ever closer to Android's permission-based app model. . .



    You mean going backwards? Because having a list over 20 items an app may access that appears when you install the app isn't sensible and therefore isn't security.
    While you may take heed that a wallpaper app is trying to get access to your contacts most people just click through confusing and technical lists.
  • gatorguy Posts: 14,322 member
    Quote:
    Originally Posted by Baka-Dubbs View Post


    I really don't think it has many similarities at all. The prior issue was simply a file on your phone that was storing location data, I don't think third parties really had access to it. This is all your contact information loaded onto a third party server without your permission.



    To be fair, you're supposed to read the article and at least think it's pretty much the same as last year's location issue.
  • ricochet Posts: 14 member
    "For its part, Path issued an apology and gave users the option to opt out,..."



    The classy way to do it would be on an "opt in" basis.
  • SpamSandwich Posts: 24,153 member
    Quote:
    Originally Posted by Obama View Post


    You all have me to thank for this.



  • techguy911 Posts: 225 member
    Quote:
    Originally Posted by Gatorguy View Post


    Getting ever closer to Android's permission-based app model. . .



    Yeah, Apple needs to figure out what can be vetted during the app approval process and what needs to be enforced at runtime. Some other abuse prone areas are unrestricted network/internet access, unlimited flash storage, and full read access to the iPod library.
  • gatorguy Posts: 14,322 member
    Quote:
    Originally Posted by SolipsismX View Post


    You mean going backwards? Because having a list over 20 items an app may access that appears when you install the app isn't sensible and therefore isn't security.

    While you may take heed that a wallpaper app is trying to get access to your contacts most people just click through confusing and technical lists.



    Going backwards



    Did Apple require user-specific permissions at some earlier point? I don't see how it's a bad thing, and if so why Apple is requiring both location and contacts harvesting to be user-authorized now.
  • drdoppio Posts: 1,132 member
    Quote:
    Originally Posted by AppleInsider View Post


    Apple on Wednesday announced a future update to iOS will restrict App Store software from accessing a user's address book without their permission.



    "Apps that collect or transmit a user's contact data without their prior permission are in violation of our guidelines," Apple spokesman Tom Neumayr said ...



    So the closed-garden control of the App Store doesn't always work, after all?



    Quote:
    Originally Posted by Gatorguy View Post


    Getting ever closer to Android's permission-based app model. . .



    What are you talking about? Apple invented the permission-based app model. Or perfected it. Or made it popular. Or... forget it, Apple is making billions from the permission-based app model like it's nobody's business! /s



    Quote:
    Originally Posted by SolipsismX View Post


    ...

    You mean going backwards? Because having a list over 20 items an app may access that appears when you install the app isn't sensible and therefore isn't security...



    Every educated Android user knows better than to install any app offering this laundry list of permissions, unless it comes from a very respectable source with legitimate reasons for the requests. Don't worry, you'll learn to use it as Apple improves iOS.
  • solipsismx Posts: 19,566 member
    Quote:
    Originally Posted by Gatorguy View Post


    Going backwards



    Did Apple require user-specific permissions at some earlier point? I don't see how it's a bad thing, and if so why Apple is requiring both location and contacts harvesting to be user-authorized now.



    Security that isn't used is no security at all. For example, let's say MS updates Windows log-in permissions so that you either have the choice of using only a randomized alphanumeric password or no password at all. Users will go for no password because the security, even though much higher security than their previous passworded option, is now too complex to bother with. That screenshot shows what is wrong with Android's system and it only shows 1/4 of the potential permissions.
  • pedromartins Posts: 1,333 member
    Quote:
    Originally Posted by DrDoppio View Post


    So the closed-garden control of the App Store doesn't always work, after all?







    What are you talking about? Apple invented the permission-based app model. Or perfected it. Or made it popular. Or... forget it, Apple is making billions from the permission-based app model like it's nobody's business! /s







    Every educated Android user knows better than to install any app offering this laundry list of permissions, unless it comes from a very respectable source with legitimate reasons for the requests. Don't worry, you'll learn to use it as Apple improves iOS.



    no they don't.. especially when you consider that educated android user does not exist. they use android without knowing what android is. to put it simply, they buy the only available 200 dollar smartphone that isn't nokia and that's it.
  • gatorguy Posts: 14,322 member
    Quote:
    Originally Posted by SolipsismX View Post


    It's a bad thing to offer advertise a security that isn't used because it's not designed to inform the average in a way that is useful to them. For example, let's say MS updates Windows log-in permissions so that you either have the choice of using only a randomized alphanumeric password or no password at all. Users will go for no password because the security, even though much higher security than their previous passworded option, is now too complex to bother with. That screenshot shows what is wrong with Android's system and it only shows 1/4 of the potential permissions.



    A quarter of them? I can't imagine what the other 21 would be.



    I see these listed:

    ~Services that cost you Money (that's a good one to know about, don't you think?)

    ~Storage - You already showed this one

    ~Your Personal Information - You showed that one too, and Apple agrees with getting your permission

    ~Phone call - Yup, that's in your screenshot

    ~Location - Another I think you should know about, and so does Apple

    ~Network Communication - In your screenshot and something you better know about.

    ~System tools - Again in your list

    ~Hardware controls - Not of much use IMO, unless you're worried why a kid's game wants to turn on the camera.

    ~Your Accounts ~ Another permission that's not really useful IMO.



    Let's see. I count 9
  • paxman Posts: 4,056 member
    Quote:
    Originally Posted by pedromartins View Post


    no they don't.. especially when you consider that educated android user does not exist. they use android without knowing what android is. to put it simply, they buy the only available 200 dollar smartphone that isn't nokia and that's it.



    Don't let yourself be trolled, buddy.
  • charlituna Posts: 7,068 member
    Quote:
    Originally Posted by mac_dog View Post


    when the path debacle arose, my first thought is that software companies should allow their users to 'opt-in' when they want to harvest information, rather than the opposite.



    !



    That was the policy, but Path showed Apple that they can't trust developers to do it on their own so now it will be forced on them by the OS
  • maciekskontakt Posts: 227 member
    Good move.