Apple to block third-party access to Notes field in Contacts with iOS 13
Apple's iOS 13 will block third-party apps from accessing the "Notes" field when requesting data from Contacts, addressing a little known but potentially impactful security hole in the company's mobile operating system.
Apple revealed the change in information handling, which addresses concerns over inadvertent data sharing, at its Worldwide Developers Conference in San Jose this week, reports TechCrunch.
Currently, apps that are granted access to a user's address book can pull in a contact's name, phone number, address, email address and more, including data from the Notes field. While many leave the field blank, some use it as a makeshift scratchpad for storing potentially private information.
For example, some users save credit card credentials and PIN numbers, while others might jot down potentially damning opinions or comments about a contact they would rather not see shared.
The Notes field is unencrypted and will remain as such in iOS 13, but the forthcoming OS will, in most cases, deny third-party app access to data stored within.
Apple said that developers who believe they have valid reason for accessing the data field can file for an exception, though the company points out that most apps do not need access to the private information.
Apple is packing a veritable boatload of new additions, updates and modifications into iOS 13, including marquee features like Dark Mode, QuickPath swipe-to-type keyboard and a variety of security enhancements. The software is due for release this fall.
Apple revealed the change in information handling, which addresses concerns over inadvertent data sharing, at its Worldwide Developers Conference in San Jose this week, reports TechCrunch.
Currently, apps that are granted access to a user's address book can pull in a contact's name, phone number, address, email address and more, including data from the Notes field. While many leave the field blank, some use it as a makeshift scratchpad for storing potentially private information.
For example, some users save credit card credentials and PIN numbers, while others might jot down potentially damning opinions or comments about a contact they would rather not see shared.
The Notes field is unencrypted and will remain as such in iOS 13, but the forthcoming OS will, in most cases, deny third-party app access to data stored within.
Apple said that developers who believe they have valid reason for accessing the data field can file for an exception, though the company points out that most apps do not need access to the private information.
Apple is packing a veritable boatload of new additions, updates and modifications into iOS 13, including marquee features like Dark Mode, QuickPath swipe-to-type keyboard and a variety of security enhancements. The software is due for release this fall.
Comments
another related thought I had the other day was - it would be nice to be able to select/choose exactly which items of a contact you want to share. So when you tap “share contact” you would get a little pop up where you get to tap which fields will be sent with a “share all fields” button. So if you only want to share just your (or someone else’s) email you tap only that field. Obviously now you can simply long press on a field & copy/paste, but then if you want to share two or three fields it starts becoming cumbersome with the back & forth copying & pasting when it could just be two or three additional taps.
Though if Apple is going to try protecting every user from every stupid thing they try to, then at some point in the future they’ll need to stop folk from from switching on their phones.
The information wasn’t super sensitive, but it’s not something that should be shared. This is an Apple oops, and it’s good that isn’t being fixed.
Why are people blaming users? Fanboys are nuts...
I don’t share anything with 3rd party apps, so it’s not an issue, but still...
I might share my Contacts info with third-party apps (that'll be a cold fucking day in Hell) but if I did (which I won't) there's no reason that they should have access to the notes field.
Now I'm sure a developer, getting an exception to mine that data, would do the right thing an notify the customer before doing so, giving them the chance to opt out. And I'm sure they'd bury that info in a 50 page EULA, if Apple allowed them.
Maybe I'm being hasty and there's a perfectly good reason vendor's should have access to that part of Contacts. But I'll keep my tinfoil hat tightly screwed on.
There should be multiple Contacts lists, not just one. Categories do not serve the purpose, and even so, there is no way to manage categories with the native Contacts app.