iPhone grants all-access pass to user contact data [Update]
iPhone’s software makes it possible for any app to steal your address book
I have trust issues. I don’t share the personal details of my life with a lot of people. I keep a pretty low profile. And I always, always remember to lock my phone. I don't even let my partner swipe through my address book (to be fair, I don't look through his, either). So, why on earth would I grant total access to a bunch of app-peddling strangers?
But Apple would.
And it has. And it's been allowing the same access to any app that wants it (even ones that could potentially be malicious). And, short of swearing off apps for good, there's not a thing that can be done to stop it.
Basically, any app you download and install on your lovely little iPhone can pull your contact data any time it damn well pleases. Some of these apps are purportedly smoothing out those kinks, while it seems others are taking no action to mend themselves. But even if every single app yanked its grubby paws out of your otherwise private information, the problem wouldn’t just disappear.
As Gizmodo’s Sam Biddle points out, this feature is built into the iPhone’s core software. It’s constructed that way so that users have a more pleasurable experience, without having to close pop-up boxes every few minutes. Personally, I find pesky pop-ups far less intrusive than silent, skilled stalkers.
Currently, the most notable intruders include Foursquare, Path, Instagram, Facebook, Twitter for iOS and Voxer. All of these apps take your contact email and phone numbers. Some give warning, others don’t. None of this is to say that the folks behind these apps are doing dodgy things with your data, but there’s no certainty in how that information will or won’t be used. Likewise, there's often zero indication of how long that data could be stored.
Companies like Foursquare claim not to store any data after using it to match your friends, while others like Twitter keep your address book on file for 18 months (with an option to delete at any time). And then there are companies like Path that store information indefinitely until it’s discovered they’ve been doing so.
Biddle hits the nail on the head when he says this change needs to begin with iOS. Apple will need to revise the way it currently works with apps and stop allowing an all-access pass to user information. Until that happens, all we have is trust. And that's not something that should be given freely.
[Update] AllThingsD reports that Apple is cracking down on developers and will make it mandatory for them to make it explicitly clear to users when an app is requesting address book info.