Source: http://gizmodo.com/5885321/how-iphone-apps-steal-your-contact-data-and-why-you-cant-stop-it
The internet is starting to realize something unsettling: our iPhones send information about the people we know to private servers, often without our permission. Some offending apps are fixing themselves. Some aren’t. But the underlying problem is much bigger.
Apple allows any app to access your address book at any time—it’s built into the iPhone’s core software. The idea is to make using these apps more seamless and magical, in that you won’t have dialog boxes popping up in your face all the time, the way Apple zealously guards your location permissions at an OS level—because fewer clicks mean a more graceful experience, right? Maybe, but the consequence is privacy shivved and consent nullified. Your phone makes decisions about what’s okay to share with a company, whose motivation is, ultimately, making money, without consulting you first.
Once you peel back that pretty skin of your phone and observe the software at work—we used a proxy application called Charles—watching the data that jumps between your phone and a remote server is plain. A little too plain. What can we see?
As Paul Haddad, the developer behind the popular Twitter client TapBot, pointed out to me, some of the App Store’s shiniest celebrities are among those that beam away your contact list in order to make hooking up with other friends who use the app smoother. From Haddad’s own findings:
Foursquare (Email, Phone Numbers no warning)
Path (Pretty much everything after warning)
Instagram (Email, Phone Numbers, First, Last warning)
Facebook (Email, Phone Numbers, First, Last warning)
Twitter for iOS (Email, Phone Numbers, warning)
Voxer (Email, First, Last, Phone numbers, warning)
Foursquare and Instagram have both recently updated to provide a much clearer warning of what you’re about to share. Every single app should follow suit and provide clear warnings before it touches your contacts. But plenty of apps aren’t so generous. “A lot of other popular social networking apps send some data,” says Haddad, “mostly names, emails, phone numbers.” Instapaper, for example, transmits your address book’s email listings when you ask it to “search contacts” to connect with other friends using the app. The app never makes it clear that my data (shown up top) is leaving the phone—and once it’s out of your hands and in Instagram’s, all you can do is trust that it’ll be handled responsibly. You know, like not be stored permanently without your knowledge.
Trust is all we’ve got, and that’s not good. “Once the data is out of your device there’s no way to tell what happens to it,” explains Haddad. Companies might do the decent thing and delete your data immediately. Like Foursquare, which says it doesn’t store your data at all after matching your friends, and never has. Twitter keeps your address book data for 18 months “to make it easy for you and your contacts to discover each other on Twitter after you’ve signed up,” but can delete the data at any time with a link at the bottom of this page. Or a company might do the Path thing, storing that information indefinitely until they’re publicly shamed into doing otherwise. Or worse.
We need a solution, and goodwill on the part of app devs isn’t going to cut it. All the ARE YOU SURE YOU WANT TO DO THIS? dialog boxes in the world won’t absolve Apple’s decision to hand out our address books on a pearly platter. iOS is the biggest threat to iOS—and nothing short of a major revision to the way Apple allows apps to run through your contacts should be acceptable. But is that even enough? Maybe not.
Jay Freeman, developer behind the massively popular jailbroken-iPhone program Cydia, doesn’t think Apple’s hand is enough to definitively state who gets your address book, and when:
“Neither Apple nor the application developer is in a good position to decide that ahead of time, and due to this neither Apple’s model of ‘any app can access the address book, no app can access your recent calls’, nor Google’s method of ‘developer claims they need X, take it or leave it’ is sufficient.”
Freeman’s solution? Cydia’s “one-off modifications to the underlying operating system that we deal in, nicely transfers this control back to the user.” In other words, we can’t trust Apple or the people that make apps—so let’s just trust ourselves to control how iOS works.
Freeman left us with one final, disquieting note. Shrewd devs and others with the know-how have been able to dig through app traffic to find out if they’re shoveling around your address book. But there’s no easy way to do this—and if a dev really wants to sneak your data through the door, there’s technically nothing we can do to stop him: “There are tons of complex tricks that can be used to smuggle both information in network traffic and computation itself.” It’s a problem fundamental to computer science—once the data’s in a dev’s hands, he can conjure it away, too small to be noticed by App Store oversight in the churning sea of other apps.
Unless Apple keeps him from getting that information in the first place by letting us all make informed decisions with our phone and the private life poured into it. Your move, iOS.
Photo: Motorolka/Shutterstock
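An added example, not from the original article or any app it names: one way to run the proxy check described above is to seed a test phone's address book with canary contacts and search the decrypted requests for them. The hosts, contact values and capture below are constructed; the reversed-string request illustrates Freeman's point that a custom transform slips past any fixed list of encodings.

```python
import base64
import hashlib
from urllib.parse import quote

# Constructed canary contacts, seeded into a test device's address book.
CANARIES = {
    "email": "canary.7f3a@example.test",
    "phone": "+15555550142",
    "name": "Zephyrine Quillfeather",
}

def variants(value):
    """Forms a contact value commonly takes on the wire."""
    raw = value.encode()
    forms = {
        "plain": value,
        "urlencoded": quote(value, safe=""),
        "base64": base64.b64encode(raw).decode(),
    }
    for algo in ("sha1", "sha256"):
        forms[algo] = hashlib.new(algo, raw).hexdigest()
    return forms

def scan(capture):
    """Return (host, field, encoding) for each canary seen in a request."""
    findings = []
    for req in capture:
        haystack = req["url"] + "\n" + req["body"]
        for field, value in CANARIES.items():
            for encoding, needle in variants(value).items():
                if needle in haystack:
                    findings.append((req["host"], field, encoding))
    return findings

def _req(host, path, body):
    return {"host": host, "url": f"https://{host}{path}", "body": body}

# Constructed decrypted requests, as exported from an intercepting proxy.
CAPTURE = [
    _req("api.social.example", "/find_friends",
         '{"contacts":[{"email":"canary.7f3a@example.test","phone":"+15555550142"}]}'),
    _req("api.reader.example", "/search", "emails=canary.7f3a%40example.test"),
    _req("api.hashed.example", "/match",
         hashlib.sha256(CANARIES["email"].encode()).hexdigest()),
    _req("cdn.example", "/logo.png", ""),
    # Custom transform (reversed string) that no fixed variant list anticipates.
    _req("api.opaque.example", "/sync", CANARIES["email"][::-1]),
]

if __name__ == "__main__":
    for host, field, encoding in scan(CAPTURE):
        print(f"{host}: {field} sent as {encoding}")
```

A clean result from a scan like this only shows that none of the listed encodings appeared, not that the contacts stayed on the phone.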