Apple disallows developers from collecting and sharing Contacts data

2»

Comments

  • Reply 21 of 36
    benji888 said:
    As soon as FB asked me if it could use my mobile number as contact displaying it I removed FB application from phone alltogether and it will not come back. I can use it on PC or iPad, but mobile phones will never see FB or similar apps. That went too far. Also I will never get why scam call detection apps ask question to access my contacts. They need to access blocked numbers on my phone in the first place - they are not getting any info about my contacts. I agree contacts should be secured additionally and apps should never ask for access to them in order to function properly. Now with GDPR in life since May some may be cwareful for abousinbg this information as it may end up in court in European Union... regardless if you ask for access in the USA or elsewhere.... so do not ask if you do not want to be forced to show up in court in EU.
    FYI: no one has to put in their phone number, nor address on FB, it is not required. I only have a city near me, not the actual city I live in and email listed. But, yeah, 3rd parties shouldn't have free access to contacts via FB.
    If you believe that FB hasn’t gotten your phone number or address or a whole bunch of your information via your friends address books (who have your actual info in them) after your friends allowed Facebook access to their contacts then I have a bridge to sell you. 
    muthuk_vanalingambaconstanggatorguycgWerkswatto_cobra
  • Reply 22 of 36
    SoliSoli Posts: 8,174member
    frank777 said:
    Third, I'd like an easy way to separate personal and business contacts.
    I don't know if you've always been able to do that in Apple OSes, but you've been able to fo that for as long as iOS has existed. I have many groups and smart groups for various type of data organizations within Contacts.
    edited June 13 watto_cobra
  • Reply 23 of 36
    SoliSoli Posts: 8,174member
    benji888 said:
    As soon as FB asked me if it could use my mobile number as contact displaying it I removed FB application from phone alltogether and it will not come back. I can use it on PC or iPad, but mobile phones will never see FB or similar apps. That went too far. Also I will never get why scam call detection apps ask question to access my contacts. They need to access blocked numbers on my phone in the first place - they are not getting any info about my contacts. I agree contacts should be secured additionally and apps should never ask for access to them in order to function properly. Now with GDPR in life since May some may be cwareful for abousinbg this information as it may end up in court in European Union... regardless if you ask for access in the USA or elsewhere.... so do not ask if you do not want to be forced to show up in court in EU.
    FYI: no one has to put in their phone number, nor address on FB, it is not required. I only have a city near me, not the actual city I live in and email listed. But, yeah, 3rd parties shouldn't have free access to contacts via FB.
    If you believe that FB hasn’t gotten your phone number or address or a whole bunch of your information via your friends address books (who have your actual info in them) after your friends allowed Facebook access to their contacts then I have a bridge to sell you. 
    I'm always amazed by the number of people who are afraid of FB having their data when their online "alias" is tied to their actual name, age, location, and other data through a simple google search. Then there's websites like PeekYou, FamilyTreeNow, and countless other aggregate sites that will give you all the information you need to locate these people, but they're worried about FB using their data to push targeted ads.
    muthuk_vanalingam
  • Reply 24 of 36
    Rayz2016Rayz2016 Posts: 4,027member
    avon b7 said:
    Rayz2016 said:
    That’s going to hurt Whatsapp. It won’t allow you to do anything unless you grant it access to search your contacts. 
    WhatsApp will simply ask for specific permission. Anyone using the app knows that it has to scan your address book for optimum usability. Your privacy settings are still there.
    Mmm. No I don’t know that. All I know is that when I installed it, it asked for access to my contacts. When I refused, it wouldn’t go any further. I would’ve been happy to just type in the numbers of the people I know are Whatsapp users into its own database, but I didn’t have that option, and since the Whatsapp developers had already lied once (they said that they would remain separate from Facebook, and then after the takeover they said they would share your number with them) I thought it was probably best to delete WhatsApp, just to be sure. 
    edited June 13 watto_cobra
  • Reply 25 of 36
    Rayz2016Rayz2016 Posts: 4,027member
    Soli said:
    benji888 said:
    As soon as FB asked me if it could use my mobile number as contact displaying it I removed FB application from phone alltogether and it will not come back. I can use it on PC or iPad, but mobile phones will never see FB or similar apps. That went too far. Also I will never get why scam call detection apps ask question to access my contacts. They need to access blocked numbers on my phone in the first place - they are not getting any info about my contacts. I agree contacts should be secured additionally and apps should never ask for access to them in order to function properly. Now with GDPR in life since May some may be cwareful for abousinbg this information as it may end up in court in European Union... regardless if you ask for access in the USA or elsewhere.... so do not ask if you do not want to be forced to show up in court in EU.
    FYI: no one has to put in their phone number, nor address on FB, it is not required. I only have a city near me, not the actual city I live in and email listed. But, yeah, 3rd parties shouldn't have free access to contacts via FB.
    If you believe that FB hasn’t gotten your phone number or address or a whole bunch of your information via your friends address books (who have your actual info in them) after your friends allowed Facebook access to their contacts then I have a bridge to sell you. 
    I'm always amazed by the number of people who are afraid of FB having their data when their online "alias" is tied to their actual name, age, location, and other data through a simple google search. Then there's websites like PeekYou, FamilyTreeNow, and countless other aggregate sites that will give you all the information you need to locate these people, but they're worried about FB using their data to push targeted ads.
    In fact, for most people, the phone number is the real problem, as a lot of people use a fake one when they’re filling in online forms or just decline to give it. By trawling address books of your friends, Facebook gets hold of details you’d rather they didn’t have, and then passes this on to affiliates. This has become a serious problem since the TSB had its service meltdown a few weeks back. Now we have criminals calling the phone service providers and requesting PAC codes so they can get access to the victim’s text messages and thus defeat two-factor authentication. 

    https://www.mycommunityalert.co.uk/da/221616/TSB%20Port%20Out%20Alert.html

    Yes, the phone providers shouldn’t be so bloody stupid, but since they are, we need to start treating our mobile numbers like credit card PIN codes, because now they are. 
    edited June 13 watto_cobra
  • Reply 26 of 36
    Rayz2016Rayz2016 Posts: 4,027member
    foggyhill said:
    ireland said:
    I personally think a users Contacts should be unattainable on iOS. No apps should be left near them. Completely sandboxed and locked down, as safe as a user’s unlock password. It’s one of the reasons I refuse to use WhatsApp, for example. I will never give my contact book to any app... ever. Apple should rethink this. It’s serious.

    Fuck Facebook... fuck snapchat... fuck Twitter... fuck WhatsApp. Fuck them all. They should not have our contacts and be able to determine who we know and where they live and likely relationship—those details are private and no business of any corporation. I remember about four years ago when I re-signed up for Facebook, they rold me: “here are some people you might know”, and it was cousins and friends and relations. Because others clicked a button on their phone these companies get my private data? I don’t think that’s very fair, safe, private, and I think long term it’s a recipe for disaster, tbh. These companies should not have our contact data.
    The main problem is for those apps

    1) Asking for information that you don't even need really for the app to function  (we absolutely know why they're asking it though...).
    2) Not being able to segregate information we want to share on our phone from the one we don't
       I think Apple should have a segregated list of shareable contacts and non shareable ones.
        - That way, we could ask people whose contact we put into our contact base if they agree with us sharing it (most would probably say no).
        - Some contact would always be private
        - My psych, doctor, kids phone number, why the hell should FB have access to that EVER.
       - You should be able to turn on/off tracking  through geofencing
       - Turn off info sharing according to the type of info it is.
    3) After being shared not knowing how the hell it will be used.
        - Being used to sell you a better sliced bread or a better mouse trap is one thing, but
          using it to work with your biases (we all that all some) to manipulate you to act in a way (vote, not vote, vote for X because you hate Y regardless if it will screw you in 20 other ways, not vote for X because X wasn't pure on some hot button) to serve a political aim is just repulsive. Already, wading through the cesspool of disinformations that have sprung up in the last decade to get properly vetted and sourced info, is hard enough.
        


    I think this idea has legs. 

    A simple toggle that says whether that defaults to “no” on each address, and a smart group that allows you to see which numbers are not private. 

    But since most folk would just keep the numbers private then I suggest that each app has its own database that contains only other users of that app. I’d be happy to use WhatsApp if it used its own list of other WhatsApp users. 
    watto_cobra
  • Reply 27 of 36
    tallest skiltallest skil Posts: 43,399member
    That took WAY too long to stop. At least it’s done.
    watto_cobra
  • Reply 28 of 36
    avon b7avon b7 Posts: 2,614member
    ireland said:
    avon b7 said:
    Rayz2016 said:
    That’s going to hurt Whatsapp. It won’t allow you to do anything unless you grant it access to search your contacts. 
    WhatsApp will simply ask for specific permission. Anyone using the app knows that it has to scan your address book for optimum usability. Your privacy settings are still there.
    Hahahahahahaha.

    Facebook paid $19B for not just its users. Don’t be so naive.
    Nothing naive about it.

    Instant messaging needs someone in the middle to manage things. It could be the carrier, ISP, a multinational or whatever.

    WhatsApp only needs a telephone number and access to the numbers on your contacts list to manage things. Nothing else.

    Is it WhatsApp's fault (or FaceBooks') that Apple flung the doors open to everything else about your contacts?

    If this issue only applied to Android, these forums would be howling about it. 

    My point was that this will not hurt WhatsApp as they can simply ask for specific permission. If you want to use the service and accept that someone has to be in the middle and your are an existing WhatsApp user, you will accept.

    Google has been promoting a universal IM equivalent for a while now and seems to have persuaded most of the world's carriers to participate. This could lead to a kind of SMS on steroids and make this functionality part of the networks core messaging capabilities, taking it out of the App realm. That could hurt WhatsApp if it takes off.

    As for privacy, you never lost the option of hiding your last connected or profile photo on WhatsApp. The other issue of wider access to contact data is a question that Apple has to tackle (and is doing so). I hope Android follows suit.

    However, dual SIM has been available on Android phones for ages (perfect for business use) and potentially goes a long way to helping manage this kind of issue.  On top of that, some Android phones can actually let you have two Facebook, WhatsApp etc accounts running side by side on the same phone. That's something very useful.
    croprgatorguy
  • Reply 29 of 36
    Soli said:
    benji888 said:
    As soon as FB asked me if it could use my mobile number as contact displaying it I removed FB application from phone alltogether and it will not come back. I can use it on PC or iPad, but mobile phones will never see FB or similar apps. That went too far. Also I will never get why scam call detection apps ask question to access my contacts. They need to access blocked numbers on my phone in the first place - they are not getting any info about my contacts. I agree contacts should be secured additionally and apps should never ask for access to them in order to function properly. Now with GDPR in life since May some may be cwareful for abousinbg this information as it may end up in court in European Union... regardless if you ask for access in the USA or elsewhere.... so do not ask if you do not want to be forced to show up in court in EU.
    FYI: no one has to put in their phone number, nor address on FB, it is not required. I only have a city near me, not the actual city I live in and email listed. But, yeah, 3rd parties shouldn't have free access to contacts via FB.
    If you believe that FB hasn’t gotten your phone number or address or a whole bunch of your information via your friends address books (who have your actual info in them) after your friends allowed Facebook access to their contacts then I have a bridge to sell you. 
    I'm always amazed by the number of people who are afraid of FB having their data when their online "alias" is tied to their actual name, age, location, and other data through a simple google search. Then there's websites like PeekYou, FamilyTreeNow, and countless other aggregate sites that will give you all the information you need to locate these people, but they're worried about FB using their data to push targeted ads.
    Similarly, I get confused by the avid Facebookers that refuse to turn in Read Receipts in Meaages. “I don’t want someone to know when I read their text!!” But oversharing on Facebook is fine...

    I think the Facebook issue is that they don’t simply use that data for themselves, they colllect and collect and make connections you may not have known about and then sell all that information  to basically whoever. And it doesn’t help that they are so massive. Or that they tend to be cagey about what information they have and seem reluctant to increase user privacy. 
    watto_cobra
  • Reply 30 of 36
    dewmedewme Posts: 1,606member
    I'd imagine the developers of apps like 1Password could very easily incorporate the Contacts functionality into their apps. It seems like a very natural fit. The only "loss" would be in convenience and ease of use for other apps and built-in services that use Contacts, like Mail, Siri, etc. In fact, if you are willing to live with the inconvenience and break some of the seamless integration that Apple provides you could move your Contacts over to 1Password today.
    watto_cobra
  • Reply 31 of 36
    mike1mike1 Posts: 1,708member
    frank777 said:

    Third, I'd like an easy way to separate personal and business contacts.
    Yes. Yes. Yes. It's the ONLY thing I miss from the Blackberry days.
    watto_cobra
  • Reply 32 of 36
    I think it's good that Apple is stopping developers from sharing contact information but these actions alone from Apple isn't going to change anything. I have so many friends who use Android phones and have my contact information in their contacts list which developers have easy access to. And generally I have observed that people using Android do not care much about security/privacy. 
    watto_cobra
  • Reply 33 of 36
    sockrolidsockrolid Posts: 2,788member
    Under the new rules, developers are not only barred from creating, sharing, or selling databases based on harvested contact info, but must use contact data explicitly for what they say they will unless they get further permission. 
    FINALLY.
    watto_cobra
  • Reply 34 of 36
    cgWerkscgWerks Posts: 1,605member
    Doesn't this kind of fall into that category of things for which Tim said he'd wouldn't get into such a position in the first place???

    Soli said:
    I'm always amazed by the number of people who are afraid of FB having their data when their online "alias" is tied to their actual name, age, location, and other data through a simple google search. Then there's websites like PeekYou, FamilyTreeNow, and countless other aggregate sites that will give you all the information you need to locate these people, but they're worried about FB using their data to push targeted ads.
    Yea, the problem is much bigger than FB, they are just one particular well-known form of it.
  • Reply 35 of 36
    FolioFolio Posts: 369member
    Excerpt from recent UK's Guardian, pls excuse length but sums up several pieces, complementary to AI report:
    https://www.theguardian.com/technology/2018/jun/13/apple-facebook-privacy-data-harvesting-onavo-app-store

    Apple strikes blow to Facebook as it clamps down on data harvesting

    Rules appear to target services like Onavo Protect, which claims to protect user data even as it feeds information to Facebook

    Wed 13 Jun 2018 21.10 EDTLast modified on Thu 14 Jun 2018 07.58 EDT

     Apple’s new App Store rules appear to be intentionally worded to target apps like Onavo. Photograph: Greg Baker/AFP/Getty Images

    Apple has updated its rules to restrict app developers’ ability to harvest data from mobile phones, which could be bad news for a Facebook-owned data security app called Onavo Protect.

    Onavo ostensibly provides users with a free virtual private network (VPN) which, it claims, helps “keep you and your data safe when you browse and share information on the web”. What is not immediately obvious is that it feeds information to Facebook about what other apps you are using and how much you are using them back to the social networking giant.

    “The problem with Onavo is that it talks about being a VPN that keeps your data private, but behind the scenes it’s harvesting your data for Facebook,” said Ryan Dochuk, CEO of the paid-for VPN TunnelBear. “It goes against what people generally expect when they use a VPN.”

    Onavo has been a Trojan horse for Facebook (in the classical sense, not as malware), allowing it to gather intelligence on the apps people use on tens of millions of devices outside its empire. This real-time market research highlights which apps are becoming popular and which are struggling. Such competitive intelligence can inform acquisition targets and negotiations as well as identify popular features it could copy in rival apps.

    As first reported by Bloomberg, Apple’s new App Store rules explicitly ban the collection of “information about which other apps are installed on a user’s device for the purposes of analytics or advertising/marketing”, which appears to be intentionally worded to clamp down on apps like Onavo.

    “Apple has been very clear that it’s pro-privacy,” ,” said Joseph Jerome, a privacy specialist from the Center for Democracy and Technology, “and with every iteration of iOS [Apple’s mobile operating system] has been trying to restrain the ability of apps to know what’s going on on the device if a user hasn’t authorised it.”

    Onavo started life in Tel Aviv in 2010 as a startup that helped people reduce their wireless bills by compressing incoming data on an iPhone or Android device. It also highlighted which apps were using the most data. For mobile publishers, it provided analytics to help them keep track of how their apps were performing against competitors. In May 2013, it launched a VPN called Onavo Protect, which promised to protect people’s data when they were browsing the web from their phone on a public wifi network.

    Facebook bought the company in October 2013 for an undisclosed sum, estimated to be between $100m and $200m.

    VPNs work by redirecting and encrypting all data leaving your computer, phone or tablet and sending it to another server in another location. They position themselves as tools for protecting people’s privacy and security, but that very much depends on who is running the VPN and how they make their money.

    “This server is in a really privileged position,” said Dochuk. “Essentially, it needs 100% of consumer trust because 100% of their data is going through that server.”

    This means whoever runs the VPN knows which apps are installed on your device and how much you use them; which websites you visit; and your device type and location.

    There are some VPNs, such as TunnelBear, that cover their server and bandwidth costs through paid subscriptions and others, like Hola and Onavo, that provide a free service to the end user, but extract value from the data they collect or by selling people’s unused bandwidth.

    “If you’re not paying with your money you are probably paying with your data,” said Will Strafach, a security specialist who has analysed the Onavo app.

    According to the Wall Street Journal, Facebook employees have put the Onavo data to good use by monitoring the performance of rival Snapchat, particularly after Facebook’s Instagram app launched similar features. Onavo’s data also reportedly helped guide Facebook’s decision to buy WhatsApp for $19bn in 2014 and to clone the popular group video chat app Houseparty.

    In written questions following CEO Mark Zuckerberg’s congressional testimony in April, lawmakers asked Facebook whether its use of data gleaned from Onavo violated the privacy consumers expect of a VPN.

    Facebook said that it explained what data it would receive when a user installed the app.

    “This helps us improve and operate the Onavo service by analysing your use of websites, apps and data,” Onavo Protect’s App Store messaging reads. “Because we’re part of Facebook, we also use this info to improve Facebook products and services, gain insights into the products and services people value, and build better experiences.”

    Users have to accept these terms before using the app.

    The company has acknowledged it uses Onavo to monitor competitors, but it insists this is not unusual: “Websites and apps have used market research services for years.”

    Facebook said it did not connect the app usage data collected through Onavo to the data collected from an individual’s Facebook account.

    Strafach said it would be easy for Facebook to connect the data if the person also had the Facebook app installed on their phone.

    “You just have to trust that they are not doing that,” he said.

    watto_cobra
  • Reply 36 of 36
    cgWerkscgWerks Posts: 1,605member
    Folio said:
    There are some VPNs, such as TunnelBear, that cover their server and bandwidth costs through paid subscriptions and others, like Hola and Onavo, that provide a free service to the end user, but extract value from the data they collect or by selling people’s unused bandwidth.

    “If you’re not paying with your money you are probably paying with your data,” said Will Strafach ...

    This is really the key, besides some research about the integrity of the company (as best you can tell). But, if it's free, that should be the first clue something is up.

    Also, unless you run a clean computer or VM across your VPN, these days, tons of various services and apps are communicating with various companies across that same VPN, so any kind of aggregated data could associate you with anything you're doing via the VPN. (i.e.: a VPN running on your typical computer has little to do with privacy, but with data security when you're on a public network... and even that's problematic because your computer likely communicates with dozens of services when you connect, before you can even enable the VPN, if it's a software VPN.)
Sign In or Register to comment.