Apple admits to a flaw in iOS, which allows apps to access and store Address Book contacts

Posted on by

Apple has finally decided to respond to reports that suggest many iOS apps have been accessing, storing, and transmitting user contact data from the Address Book. The entire issue arises from a social networking app, Path, which was uploading the user’s entire contact list without user consent. This means that an iOS app developer can access your contacts in Address Book without your permission after installing the application on your iPhone or iPad. With growing criticism, Apple has finally agreed with the above assessment and they plan to introduce explicit user permissions to access Address Book data.

“Apps that collect or transmit a user’s contact data without their prior permission are in violation of our guidelines… We’re working to make this even better for our customers, and as we have done with location services, any app wishing to access contact data will require explicit user approval in a future software release.” – Tom Neumayr, Apple spokesman. (source: AllThingsD)

This issue should have been addressed a long time ago as iOS developers are able to use user data without permission from the user.  House Energy & Commerce Committee Chairman, Henry Waxman, and Commerce Manufacturing and Trade Subcommittee Chair, G.K. Butterfield stated that, “This incident raises questions about whether Apple’s iOS app developer policies and practices may fall short when it comes to protecting the information of iPhone users and their contacts”.

Data gathered by Lookout mobile app in beginning of 2011 suggested that about 11% of android apps are able to read the contacts in Address Book application. This number may be increased with the growth of Apple App Store.

The problem is very serious as it affects the privacy of the user. App developers, i.e Path, are able to store user address books on their servers, and keep the information in order to be able to check and alert users when their friends or family have joined the service. We can expect Apple to implement a similar strategy that Android has been using since the beginning. Android addresses this issue by requiring explicit user permission for contact sharing with apps before the installation takes place.

Apple says that it will add another user permission dialogue box and we think that this last minute solution of annoying dialog boxes is going to make it more difficult for both the users and developers. Apple should learn from Facebook when it comes to user’s social network data access and permissions.

Facebook provides you with the list of things that the application accesses before installing it and other additional features require user permission within the application. In my opinion, this is a way better implementation of user permissions than the one Apple has suggested.  Please provide your thoughts on this matter in the comments below.

Source: AllThingsD and Techcrunch