Apple to block third-party access to Notes field in Contacts with iOS 13

Posted:
in iOS edited June 5
Apple's iOS 13 will block third-party apps from accessing the "Notes" field when requesting data from Contacts, addressing a little known but potentially impactful security hole in the company's mobile operating system.

iOS 13


Apple revealed the change in information handling, which addresses concerns over inadvertent data sharing, at its Worldwide Developers Conference in San Jose this week, reports TechCrunch.

Currently, apps that are granted access to a user's address book can pull in a contact's name, phone number, address, email address and more, including data from the Notes field. While many leave the field blank, some use it as a makeshift scratchpad for storing potentially private information.

For example, some users save credit card credentials and PIN numbers, while others might jot down potentially damning opinions or comments about a contact they would rather not see shared.

The Notes field is unencrypted and will remain as such in iOS 13, but the forthcoming OS will, in most cases, deny third-party app access to data stored within.

Apple said that developers who believe they have valid reason for accessing the data field can file for an exception, though the company points out that most apps do not need access to the private information.

Apple is packing a veritable boatload of new additions, updates and modifications into iOS 13, including marquee features like Dark Mode, QuickPath swipe-to-type keyboard and a variety of security enhancements. The software is due for release this fall.

Comments

  • Reply 1 of 19
    fastasleepfastasleep Posts: 2,851member
    I found out a while back that my dad was keeping passwords as entries in Contacts on his iPhone. Very odd. 
    dysamoriaforgot usernamewatto_cobra
  • Reply 2 of 19
    cornchipcornchip Posts: 1,312member
    I found out a while back that my dad was keeping passwords as entries in Contacts on his iPhone. Very odd. 
    LoL yikes!

    another related thought I had the other day was - it would be nice to be able to select/choose exactly which items of a contact you want to share. So when you tap “share contact” you would get a little pop up where you get to tap which fields will be sent with a “share all fields” button. So if you only want to share just your (or someone else’s) email you tap only that field. Obviously now you can simply long press on a field & copy/paste, but then if you want to share two or three fields it starts becoming cumbersome with the back & forth copying & pasting when it could just be two or three additional taps.
    edited June 5 chiamike54MulderFLCarnagewatto_cobra
  • Reply 3 of 19
    flydogflydog Posts: 279member
    Any minute someone will chime in that this violates antitrust law and proves Apple has a monopoly. 
    gutengelwatto_cobra
  • Reply 4 of 19
    djames4242djames4242 Posts: 524member
    Hope they don't do this with MacOS, too. I'm a big fan of BusyContacts and would hate for it to be affected by this.
  • Reply 5 of 19
    Rayz2016Rayz2016 Posts: 4,594member
    I found out a while back that my dad was keeping passwords as entries in Contacts on his iPhone. Very odd. 
    Seen something very similar: a friend keeping PIN numbers next to credit card numbers in his contact card on his phone. He even put spaces in the card number so you could tell it was a credit card number. 

    Though if Apple is going to try protecting every user from every stupid thing they try to, then at some point in the future they’ll need to stop folk from from switching on their phones. 
    edited June 6 fastasleeploopychewbeowulfschmidtqwweracornchipwatto_cobra
  • Reply 6 of 19
    mobirdmobird Posts: 139member
    If this feature comes to fruition, they should provide the ability to set a default so that you don't have to check a bunch of boxes each and every time.
    forgot usernamewatto_cobra
  • Reply 7 of 19
    I’ve kept information In that field before, and many people do.

    The information wasn’t super sensitive, but it’s not something that should be shared.  This is an Apple oops, and it’s good that isn’t being fixed.

    Why are people blaming users? Fanboys are nuts...

    I don’t share anything with 3rd party apps, so it’s not an issue, but still...
    qwweraforgot username
  • Reply 8 of 19
    libertyforalllibertyforall Posts: 1,294member
    Wow, this is SO LONG OVERDUE!
    gutengelqwweraforgot usernamewatto_cobra
  • Reply 9 of 19
    kevin keekevin kee Posts: 1,035member
    Wow, this is SO LONG OVERDUE!
    I don't think even Apple would foresee this is happening. Who is actually storing sensitive information in the address comments? LOL, but somehow some do.
    watto_cobra
  • Reply 10 of 19
    emoelleremoeller Posts: 439member
    Finally!
    watto_cobra
  • Reply 11 of 19
    mike54mike54 Posts: 330member
    Good move.
    Sharing Contacts is very vague. There can be loads of personal information in the contact data.
    I don't know if its feasible to have a setting to choose which contact fields can be shared when an app requests it, eg just the name, name and phone number, etc. Maybe the default could be just the name.
    watto_cobra
  • Reply 12 of 19
    macguimacgui Posts: 1,251member
    Personally I see no reason a user shouldn't be able to store bits of info in Contact's notes section, forum opinions be goddamned. I've got a few low-priority passwords stored as contacts, because it's handy. If I lost my phone and somebody got its password, the odds are low that they'd figure out the phone numbers and names of some contacts form a password.

    AI said:
    Apple said that developers who believe they have valid reason for accessing the data field can file for an exception, though the company points out that most apps do not need access to the private information. 
    I might share my Contacts info with third-party apps (that'll be a cold fucking day in Hell) but if I did (which I won't) there's no reason that they should have access to the notes field.

    Now I'm sure a developer, getting an exception to mine that data, would do the right thing an notify the customer before doing so, giving them the chance to opt out. And I'm sure they'd bury that info in a 50 page EULA, if Apple allowed them.

    Maybe I'm being hasty and there's a perfectly good reason vendor's should have access to that part of Contacts. But I'll keep my tinfoil hat tightly screwed on.
    watto_cobra
  • Reply 13 of 19
    dysamoriadysamoria Posts: 2,143member
    flydog said:
    Any minute someone will chime in that this violates antitrust law and proves Apple has a monopoly. 
    Why?
  • Reply 14 of 19
    dysamoriadysamoria Posts: 2,143member
    To Apple’s credit, I’m glad someone decided this is an issue to address.
    macguiforgot username
  • Reply 15 of 19
    ivanhivanh Posts: 352member
    I ask for field level security for years!  Not just Note field! The small improvement is not enough.

    There should be multiple Contacts lists, not just one. Categories do not serve the purpose, and even so, there is no way to manage categories with the native Contacts app. 
    edited June 6 mike54
  • Reply 16 of 19
    qwweraqwwera Posts: 269member
    yikes I didn’t even know my contacts information was just flailing in the wind like that for everyone to see
    forgot usernamewatto_cobra
  • Reply 17 of 19
    mike1mike1 Posts: 1,884member
    I found out a while back that my dad was keeping passwords as entries in Contacts on his iPhone. Very odd. 
    That is odd. Everybody else keeps them in Notes. LOL
    watto_cobra
  • Reply 18 of 19
    vonvon Posts: 1member
    Contacts are hugely personal & the notes field can be a goldmine of information, but more worrying is the fact that I can have multiple phone, email & social media contacts against individuals (personal, private, business, etc).  The more I think about it & about all the data I have in my contacts, the harder the answer becomes!  Even blocking Notes won't encourage me to share my contacts with third party apps.  Even field level security probably won't work as again, one selection does not work for all contacts!  I applaud Apple for trying, but, alas, I don't think the contact notes field is the only issue. 
    forgot usernamewatto_cobra
  • Reply 19 of 19
    wood1208wood1208 Posts: 1,958member
    Make sense and should have done way back. People store important information like under Bank phone contact account numbers. Some store userid/password. Moreover, Notes App should also have restrictions and no 3rd party App should be allowed to access it's contents. You can share a single note inside Notes App to someone but not rest of Notes App's contents. Point is people store important information in some App and 3rd party must not be allowed to access other than user itself.
    forgot usernamewatto_cobra
Sign In or Register to comment.