News by Dan Seifert on Thursday February 09, 2012.
|Sponsored links, if any, appear in green.|
There has been quite the commotion over a certain social networking app for iOS called Path this week and its practice of uploading a user's entire contact list to one of its servers. While Path has since apologized for this practice and promises to delete the stored user data, it has come to light that this is a fairly common thing among iOS developers, and it happens without the user ever knowing.
Much has been said over the sandboxing of data and apps and the assumed level of security that one has when they use an iOS device, but, apparently, Apple has decided that apps can access the user's contacts freely and do whatever they would like with that data, without having to ask the user for permission. iOS apps have to explicitly ask the user for permission to access their location (thanks to the brouhaha over the iPhone tracking scandal from 2011), but they do not have to ask to access the contact list, which some may feel contains even more private information.
Path's argument, which is likely the argument that many app developers would make on this topic, is that with the user's contact data, it could suggest when their friends have joined the service and prompt them to link up. The company insists that the data was stored securely and was not used for any other purpose, such as marketing or spamming. An admittedly small survey done of 15 popular apps in the iTunes App Store revealed that 13 of them access the contact data stored on the iPhone and transmit it to a remote server, allowing developers to potentially amass millions of contact records.
It seems that any app, whether it be an innocuous game or a calculator app, can access the iOS contact list and do whatever it pleases with it. Apple has yet to chime in on this issue, but if it gains enough steam, we wouldn't be surprised to see Apple enact new restrictions in the iTunes App Store that, at the very least, force developers to ask the user for permission to access their contact list. [via Dustin Curtis and Jason Kottke]
Dan is MobileBurn.com's Editor-in-Chief. Based in Poughkeepsie in New York, Dan can be found on Twitter as @DCSeifert.