iOS Apps Take User Data Without Permission?
0A short while ago, the folks behind the popular app Path had to apologize for uploading users’ address books to Path servers. Path did apologize for not asking for permission and made the appropriate changes immediately. It seems Path was not the only app taking users’ data. Facebook, Twitter, Gowalla, and Footspotting are just a few applications that send actual names, email addresses, and other information to their servers.
It is interesting to note that many smartphone users do not mind sharing their information with the apps they are using if asked. But some of these applications do not ask for permission before grabbing the data. As VentureBeat has pointed out, Instagram and Foursquare only added permissions prompt after Path was caught. Many experts have used tools such as mitmproxy to investigate what iOS apps do with their user data. The results have not been pretty.
Apple has guidelines that strictly prohibit this type of approach for app developers. This has been available since 2010 but some app companies are still not following the policies properly:
17.1: Apps cannot transmit data about a user without obtaining the user’s prior permission and providing the user with access to information about how and where the data will be used
17.2: Apps that require users to share personal information, such as email address and date of birth, in order to function will be rejected
It is not possible for Apple to monitor every app to see whether they are 100% compliant with these rules. Considering that many app users are outraged with these latest revelations, it is not out of the realm of possibility for Apple to limit access to the contacts database and other private information for apps. Of course, iPhone and iPad users need to stay vigilant and keep an eye on what they install and share on their devices. That is just common sense.