Apple disallows developers from collecting and sharing Contacts data
A largely unnoticed change in the revised App Store Guidelines Apple issued during WWDC was a ban on developers building their own databases with collected contact info, and/or sharing them without further permission.
Until the revised guidelines were released last week, iOS developers only needed to secure initial permission to harvest contact data, Bloomberg noted on Tuesday. iOS Contacts can contain not just phone numbers and email addresses but other saved information such as photos and birthdays.
"The address book is the Wild West of data," one anonymous developer explained prior to WWDC. "I am able to instantly transfer all the contacts info into some random server or upload it to Dropbox if I wanted to, the very moment a user says okay to giving contacts permission. Apple doesn't track it, nor do they know where it went."
Under the new rules, developers are not only barred from creating, sharing, or selling databases based on harvested contact info, but must use contact data explicitly for what they say they will unless they get further permission.
Likewise, apps can't contact people "except at the explicit initiative of that user on an individualized basis," and must offer message previews.
Apple will likely have a difficult time enforcing the new policy, but should be able to wield it when it learns of privacy breaches through media reports and security researchers.
The company has dealt with a number of contact-related privacy issues in the past, most famously a 2012 controversy over Path. The app was found to be uploading contact lists without permission, an incident which ultimately led to some of Apple's tighter restrictions. The U.S. Federal Trade Commission sued Path, eventually settling out of court, but Apple CEO Tim Cook reportedly dressed down Path's CEO in person during the debacle.
Until the revised guidelines were released last week, iOS developers only needed to secure initial permission to harvest contact data, Bloomberg noted on Tuesday. iOS Contacts can contain not just phone numbers and email addresses but other saved information such as photos and birthdays.
"The address book is the Wild West of data," one anonymous developer explained prior to WWDC. "I am able to instantly transfer all the contacts info into some random server or upload it to Dropbox if I wanted to, the very moment a user says okay to giving contacts permission. Apple doesn't track it, nor do they know where it went."
Under the new rules, developers are not only barred from creating, sharing, or selling databases based on harvested contact info, but must use contact data explicitly for what they say they will unless they get further permission.
Likewise, apps can't contact people "except at the explicit initiative of that user on an individualized basis," and must offer message previews.
Apple will likely have a difficult time enforcing the new policy, but should be able to wield it when it learns of privacy breaches through media reports and security researchers.
The company has dealt with a number of contact-related privacy issues in the past, most famously a 2012 controversy over Path. The app was found to be uploading contact lists without permission, an incident which ultimately led to some of Apple's tighter restrictions. The U.S. Federal Trade Commission sued Path, eventually settling out of court, but Apple CEO Tim Cook reportedly dressed down Path's CEO in person during the debacle.
Comments
Fuck Facebook... fuck snapchat... fuck Twitter... fuck WhatsApp. Fuck them all. They should not have our contacts and be able to determine who we know and where they live and likely relationship—those details are private and no business of any corporation. I remember about four years ago when I re-signed up for Facebook, they rold me: “here are some people you might know”, and it was cousins and friends and relations. Because others clicked a button on their phone these companies get my private data? I don’t think that’s very fair, safe, private, and I think long term it’s a recipe for disaster, tbh. These companies should not have our contact data.
I'd like an easy API that allows you to scan in a business card, automagically recognize the contact details (data detectors already does this) and add or update the contact card, pulling in social media feeds. Bonus points if your scanner can batch-process cards after a sales trip/event.
I'd also like the image of the business card to be displayed, as it can jog your memory.
Third, I'd like an easy way to separate personal and business contacts.
Facebook paid $19B for not just its users. Don’t be so naive.
I’d settle for any easy way to select the account and any associated groups when you add a new contact. It’s hardly rocket science.
Or maybe it is; G-Suite and Office 365 really screw this up too. All I wanted was a way to manage a shared contacts group across my team, deployed via a standard contact/calendar/email service not proprietary apps. I think it’s time Apple reinvented User Admin.
This is nice, but as the story indicates, it's of limited value since granting access to an app gives it access to everything, so the developers are on their honor to only take what they say, and the ones who cause problems have no honor. It would be nice if Apple/iOS could grant limited access to address book data by field. That way WhatsApp could request name and phone number info but the rest of the data would be kept private.
Apple is just not doing good enough.