iOS apps: Massive invasion of user privacy?

Summary: A study of iOS developers suggests data harvesting may be more serious than anticipated. Zuckerberg's number, anyone?


Many iOS developers have access to personal information that, if made truly public, would probably make users uneasy.

According to Dustin Curtis, a writer and user interface designer, there is a 'quiet understanding' among iOS developers that it is a perfectly acceptable practice to harvest information from user address books and store the data away for use in the future on a server.

A survey completed by Curtis involved contacting 15 developers of popular iOS applications. In a twist that beggars belief, 13 of them told Curtis that they had access to a 'contacts database' with millions of records containing personal and private information that should not be made public at any point.

One company's database is reported to contain data including:

  • Mark Zuckerberg's cell phone number;
  • Larry Ellison's home phone number;
  • Bill Gates' cell phone number.

This is data that we would expect to not be available in a public manner. Yet, the majority of these developers have access to it through databases.

In the aftermath of Path's apology for storing users' address book details on its servers, the uproar that such practices were allowed to pass can still be keenly felt. The address book details stored on a user's smartphone were harvested by Path through an 'Add Friends' feature. The company apologized rapidly in a desperate attempt at damage limitation, admitting that 'the way we had designed our ‘Add Friends’ feature was wrong'.

However, it is almost impossible that Path is the only company to indulge in such practices; more likely, it was simply the one that was caught out.

Considering this, why exactly does Apple allow iOS applications to access any information stored within a user's address book without explicit permission? Other operating systems, such as Android, force apps to ask for this kind of consent before any changes can be made to a device, and no information can be transferred without the knowledge of the user.

Curtis points out that on iOS, other data sources seem to have the kinds of stringent protection that such a simple facility, an address book, lacks. Is this merely a mistake on behalf of Apple, or is it more -- an overlooked breach of trust?

On the matter, Curtis says:

"Because Apple provides extremely easy access to address book data, the pro -- that is, using the data to improve user experience, increase virality and growth, etc. -- outweighs the con. To stay on equal footing, larger apps, like Yelp, Facebook, and Foursquare, have to follow along. From a design perspective, it is a concession of user growth at the expense of user trust."

There may be beneficial reasons for wishing to store this kind of information -- for example, in an attempt to improve the customer experience. However, if the information is transferred without the full knowledge, understanding and consent of a mobile device user, then can we not also label it as a breach of privacy?

Or should we simply accept the exchange as part of using an application, even when information such as a friend's contact details is not ours to give?

This could have some serious repercussions if one considers privacy protection laws, and raises questions as to what data we ourselves actually own and can therefore use as we see fit -- and what companies should be allowed to store.



Topics: Hardware, Apple, Mobile OS, Mobility, Telcos

  • RE: iOS apps: Massive invasion of user privacy?

    You may have touched upon the proverbial "tip of the iceberg". It will be interesting to see how this scenario plays out.
  • RE: iOS apps: Massive invasion of user privacy?

    No one will care. Everyone loves Apple unconditionally.
    • RE: iOS apps: Massive invasion of user privacy?

      Only the foolish loves any company unconditionally.
      • RE: iOS apps: Massive invasion of user privacy?

        @kris_stapley@... yes, it is a licence to rob everyone. A company must be forced to come clean on its business practices and be made to compete against strong competitors.
      • RE: iOS apps: Massive invasion of user privacy?

        @kris_stapley@... These are Kool-Aid drinkers... your point is made. :)
      • RE: iOS apps: Massive invasion of user privacy?

        @kris_stapley@... loves Microsoft unconditionally.
      • RE: iOS apps: Massive invasion of user privacy?

        It's true, @kris_stapley@...

        Which makes your point totally hypocritical.

        Come back when you're ready to walk-the-walk. Until then, don't preach to anybody.
    • RE: iOS apps: Massive invasion of user privacy?

      @lippidp - Yes - it's been fascinating to see how Apple's production partners treat their employees and how little the Apple crowd seems to care.
      • RE: iOS apps: Massive invasion of user privacy?

        @nottheusual1 Right, so Apple publish their report every year because nobody cares...

        Seriously, go look at Apple's home page ( you'll see the report merits one of the 5 badges. How else in the industry take it more seriously than that?

        You think Foxconn et al only make stuff for Apple? You think your PC was made by fsck'in elves?

        (For those curious those are the same elves that make sure your hard disk is working properly)
    • RE: iOS apps: Massive invasion of user privacy?


      Don't start the trolling. There are a very vocal super-minority that feel Apple can do no wrong. Most users of Apple products realize that the company is not infallible.
      • RE: iOS apps: Massive invasion of user privacy?

        @gribittmep You do realize don't you that there is the very vocal same super-minority for every brand out there right? Apple by no means has an exclusive on this.
    • RE: iOS apps: Massive invasion of user privacy?

      @lippidp

      This only confirms what I have always believed about Apple;

      *it is rotten to the core.*

      And, *NO*, I am *not* a micro$oft fanboy.
    • RE: iOS apps: Massive invasion of user privacy?

      See, this is the problem. I bet he is one of the quality evangels. But, every little thing someone finds out about Microsoft is the end of the world, to this person. To lust after money is evil; to lust after a piece of equipment is most evil! Not judging, just saying!!!
    • RE: iOS apps: Massive invasion of user privacy?

      @lippidp FYI I hate Apple very much.
    • RE: iOS apps: Massive invasion of user privacy?

      @lippidp I use an iPhone and *I* care about this. And I sure as hell do not want the contents of MY address book available to anyone without MY approval. Apple needs to fix this and fix it NOW.
    • RE: iOS apps: Massive invasion of user privacy?

      Sort of like all Google fanboys give all their contacts to Google when they use Gmail. Same with Facebook. This divulging of private information has become an epidemic and needs to be controlled on all fronts.
      • Hold on...

        @jorjitop When I registered my Android phone and tablet, I was given an *option* to sync my contacts and calendar. It's not mandatory.

        The difference here is that these are apps on your phone or tablet that are accessing data and uploading it *without permission* and without any obvious need to do so.

        It's not the same thing at all.

        As for Google Mail, you don't need to upload contacts there either - although that will make GMail clumsier to use.
      • RE: iOS apps: Massive invasion of user privacy?

        @TheWerewolf This seems to suggest different:

        Firstly there are two APIs (one "old" that's there for compatibility, and a "new" one). I've only bothered looking at the new one (because I'm lazy). Nowhere is the developer warned that such a look up might fail (as would happen if the user denied the request). The objects returned aren't tracked (you can get at the raw data - primitive types) so you can do what you like with them.

        So I see no mechanism to offer any additional protection over that of iOS (and the replacement of one API with another API where both are needed for compatibility shows fixing this would be considerably more difficult).

        If any protection was provided the developer would need to know to enclose it in a try/catch construct (messages to nil objects cause crashes in Java).
  • RE: iOS apps: Massive invasion of user privacy?

    Don't worry, Wackoae and Mr. Vegas will be around to tell us that Android users are stupid and this doesn't happen on their chosen OS... If they will do it on one platform, they will do it on another!
    • Not all Android users .... only the pathetically apologetic ...

      @Peter Perry Like someone we know.

      And it is kind of pathetic to throw stones .... when Android is very well known for being a full blown spyware OS.

      But that doesn't excuse Apple for the privacy violation. A violation is a violation and unlike the dumb and pathetically apologetic Android users who make excuse after excuse, I have no problem pointing the finger to the source of the problem.