Study finds 14% of free iPhone apps can snoop contacts

13

Comments

  • Reply 41 of 62
    st3v3st3v3 Posts: 63member
    This thread is absolutely hilarious if you read the one about Android beforehand.
  • Reply 42 of 62
    daharderdaharder Posts: 1,580member
    Quote:
    Originally Posted by st3v3 View Post


    This thread is absolutely hilarious if you read the one about Android beforehand.



    Yes... Yes it certainly is
  • Reply 43 of 62
    peter02lpeter02l Posts: 85member
    Quote:
    Originally Posted by kpluck View Post


    It does seem like a rather enormous oversight to not require a user's permission to access any of their data such as contacts. Hopefully Apple will remedy that soon.



    -kpluck



    The oversight is allowing an app (a wallpaper app!) that has sent private information from millions of users to a server China. But this oversight constitutes the business model that Google has put in place.



    Yet what is the reaction from the press and pundits, or the owners of Android phones? Is it to foam at the mouth and demand an explanation from Google? Is it to bring law suits? Is it to not recommend Android phones until such problems can be eliminated?



    No. It is to point to a competing business model that is designed to prevent such things to happen and say it allows apps access to your information as well without considering the effort made to make sure such information is not harvested by crooks.
  • Reply 44 of 62
    6aab96aab9 Posts: 3member
    Trying to say that somebody cooked this up in response to the app security breach is beyond ridiculous i dont know if you noticed but this was done by a private company before this whole fiasco, if you actually read the post instead of auto attacking any post with android in it youll see that this was released at the black hat conference. Talk about biased i dont even know if i want my iphone anymore so i dont have to be associated with some of you close minded idiots. People are making to big of a deal out of the whole Android iOS comparison. At some point everyone has to stop acting like a 5 year old and understand that not everyone needs to think just like them or make the same product choices. There are obvious advantages and disadvantages to both of the operating systems. Its all about personal preference.



    Furthermore the companies themselves need to learn that corporate competition doesnt need to be about constantly beating down on the other side, its about creating a better product.



    Seriously people wtf
  • Reply 45 of 62
    peter02lpeter02l Posts: 85member
    Quote:
    Originally Posted by scH4MMER View Post


    Wow, that is the weakest standard I've ever heard of before in the personal data protection arena.



    Amazing how years of battling against organized crime stealing people's personal info goes up in smoke because people fall in love with irresponsible products and value convenience over safety.



    Apple and Google releasing internet appliances without strict personal data protection is a huge step backwards. You may love that your "apps" automatically slurp up your contacts, but I am NOT happy to that my friends who use iPhones/Pads are unwittingly exposing my contact info to international data criminals (such as the Chinese incident on record), and that it's called a "feature," and that I have NO way of stopping them.



    Why are you blaming Apple for Googles bad policies? Remember, Apple have a walled garden. Submitted apps go through an approval process that insures that the app does what it says it does and nothing else. Apple already gets enough criticism for that. Don't blame Google's lack of a app vetting process on Apple too? There weren't millions of iPhone users' compromised.
  • Reply 46 of 62
    Apple created the environment where anyone can create an app, and everyone can have it. That's great, but there are huge new risks that need to be controlled. As opposed to when an organization creates unsafe software, and that corporation can be held responsible, there's no requirement of responsibility in an iPhone app.



    Only fully public and accountable organizations should be allowed to read contact info directly from storage. Be resigned to the fact that we might not have everything we want in such a world, but that doesn't mean we should give up the keys to the safe.



    There are ways around it that could get us 90% of what we have now. Instead of allowing apps to read data, the OS could include flexible pointers to contacts in the contacts store, and widgets to show personal info without actually transferring the data to the app. Finally, organizations that can take responsibility for cleaning up any messes could register with Apple to read directly from the phone's storage.



    Unfortunately, it's easier to just let apps, even free ones, read the most sensitive data, so as a result apps are built more quickly and cheaply, which is good for Apple/Google(/Microsoft...soon), but horrible for privacy.



    Makes me wonder why we bother to keep high standards for desktop security, when they're being synced to unsafe iPhones.
  • Reply 47 of 62
    6aab96aab9 Posts: 3member
    Quote:
    Originally Posted by peter02l View Post


    Why are you blaming Apple for Googles bad policies? Remember, Apple have a walled garden. Submitted apps go through an approval process that insures that the app does what it says it does and nothing else. Apple already gets enough criticism for that. Don't blame Google's lack of a app vetting process on Apple too? There weren't millions of iPhone users' compromised.



    Remember the app that supposedly just made weird colors or something but actually was a tethering application? That makes me wonder how impenetrable the "walled garden" is, i seriously doubt they actually check all the apps to the fullest extent.
  • Reply 48 of 62
    kamekame Posts: 7member
    Uh, are we asking iOS to become like Vista?
  • Reply 49 of 62
    mstonemstone Posts: 11,510member
    Quote:
    Originally Posted by peter02l View Post


    Why are you blaming Apple for Googles bad policies? Remember, Apple have a walled garden. Submitted apps go through an approval process that insures that the app does what it says it does and nothing else. Apple already gets enough criticism for that. Don't blame Google's lack of a app vetting process on Apple too? There weren't millions of iPhone users' compromised.



    The OS should have a built in sandbox that prevents tampering with personal data. But you can't simply depend on the approval process to catch everything so anything is possible. Apple probably has that kind of obvious exploit completely locked down on iPhone. I'm thinking this is more of a sensational exaggeration by Lookout, the security company that reported this.
  • Reply 50 of 62
    chopperchopper Posts: 246member
    Quote:
    Originally Posted by st3v3 View Post


    This thread is absolutely hilarious if you read the one about Android beforehand.



    You're not wrong.



    Very entertaining, I must say.
  • Reply 51 of 62
    daharderdaharder Posts: 1,580member
    Quote:
    Originally Posted by Kame View Post


    Uh, are we asking iOS to become like Vista?



    Except with Vista, the annoyance could be overridden in a mere 3 clicks of a mouse...
  • Reply 52 of 62
    Quote:
    Originally Posted by st3v3 View Post


    This thread is absolutely hilarious if you read the one about Android beforehand.



    If you find humor in the risk of having more than 35,000 iOS apps doing the same thing, knock yourself out.



    Head meet sand.
  • Reply 53 of 62
    wovelwovel Posts: 956member
    Quote:
    Originally Posted by RationalTroll View Post


    If you find humor in the risk of having more than 35,000 iOS apps doing the same thing, knock yourself out.



    Head meet sand.



    They're not though, that is what's funny. No one has identified a single iPhone app transmitting contact data anywhere. Someone thought it was important to release this article to make it look like the google problem exists on the iPhone. It does not. You should take a course in reading comprehension, or perhaps just read the article linked to the story you are commenting on.
  • Reply 54 of 62
    Apple meant for apps to be able to share data from the Contacts file so that we wouldn't have to re-enter the same mobile #'s & e-mail addys for apps that send e-mail, text SMS, instant messengers, et al. So a finding that 3rd party apps can accomplish this isn't a story at all, except for it being a story. This is a real example of what Steve Jobs, Apple's C E O, characterized as media looking for eyeballs at any expense



    Cheers !
  • Reply 55 of 62
    chopperchopper Posts: 246member
    Quote:
    Originally Posted by RationalTroll View Post


    If you find humor in the risk of having more than 35,000 iOS apps doing the same thing, knock yourself out.



    Head meet sand.



    I think you misunderstood his comment. He was, I believe, referencing the reader comments, not the 'article' per sé. The contrast in tone between the two, ostensibly the same issue with only the platforms differing, is quite telling.



    (If I'm wrong about his post, then I apologise to him for my assumption.)
  • Reply 56 of 62
    chopperchopper Posts: 246member
    Quote:
    Originally Posted by Wovel View Post


    They're not though, that is what's funny. No one has identified a single iPhone app transmitting contact data anywhere. Someone thought it was important to release this article to make it look like the google problem exists on the iPhone. It does not. You should take a course in reading comprehension, or perhaps just read the article linked to the story you are commenting on.



    So you believe that AI has an agenda to make Apple look bad? Because AI chose to run that piece, not somebody at Google. Interesting viewpoint you have there.



    That nobody has as yet identified an AppStore app compromising a user's privacy does not guarantee that there is none. The only reason that the wallpaper app was outed was because the security company was looking for something to front up to black hat with.



    Had they chosen to concentrate on Apple's platform, who knows what they might have found, but they don't make security software for the iOS so they naturally wouldn't be looking at Apple.



    But all this is somewhat moot anyway, now that the company has back-pedaled on it's original claims. Seems that social engineering was the real issue, there's no evidence of nefarious activity on the app dev's part with anything they mined, and the numbers potentially affected were something less than 250,000.



    So this episode has devolved into very little of consequence, besides being a warning to us all that there's no way to avoid being targetted by unscrupulous developers on any smartphone platform, that is. We should all be careful out there.
  • Reply 57 of 62
    gwydiongwydion Posts: 1,083member
    Quote:
    Originally Posted by Wovel View Post


    They're not though, that is what's funny. No one has identified a single iPhone app transmitting contact data anywhere.





    I remember at leas two cases of snooping phone numbers, Storm8 games collected and send phone number to their servers and a year ago another app collected phone numbers for phone spamming
  • Reply 58 of 62
    gwydiongwydion Posts: 1,083member
    Ah, and those reports only spread FUD.
  • Reply 59 of 62
    firefly7475firefly7475 Posts: 1,502member
    Quote:
    Originally Posted by Gwydion View Post


    I remember at leas two cases of snooping phone numbers, Storm8 games collected and send phone number to their servers and a year ago another app collected phone numbers for phone spamming



    http://www.macworld.com/article/1437...n_numbers.html



    http://i-phone-home.blogspot.com/sea...l%20of%20Shame
  • Reply 60 of 62
    Quote:
    Originally Posted by Wovel View Post


    They're not though, that is what's funny. No one has identified a single iPhone app transmitting contact data anywhere. Someone thought it was important to release this article to make it look like the google problem exists on the iPhone. It does not. You should take a course in reading comprehension, or perhaps just read the article linked to the story you are commenting on.



    More personal attacks, eh? Classy.



    So because you've not been in an automobile accident today, you can rest assured that you will never be in one?



    Good logic.



    Besides, if you've been reading the news this year you'll find more than a few stories of security exploits on iPhone. To choose to believe that iOS is some kind of magical candyland where nothing bad can ever happen is just setting yourself up for exposure.



    All networking involves risk.
Sign In or Register to comment.