Apple’s promising to close the loophole that allows apps to harvest the content of users’ address books without specific permission.
A couple of weeks ago, it was revealed that a number of applications – most notably the Path photo-sharing app – were uploading users’ entire address books to their servers.
While Path was quick to apologise, many slated Apple for hacing allowed applications to do it in the first place.
Now, though, Apple’s saying that such apps are in violation of its quidelines, and that in future any app wishing to access contact data will require explicit user approval in the same way as those using location data.
The move follows a letter to Apple CEO Tim Cook by Congress members Henry Waxman and G K Butterfield in which they suggest that Apple has been turning a blind eye to the practice, despite the fact that it appears to contravene developer guidelines.
“One blogger claims to have conducted a survey of developers of popular iOS apps and found that 13 of 15 had a ‘contacts database with millions of records’ – with one claiming to have a database
containing ‘Mark Zuckerberg’s cell phone number, Larry Ellison’s home phone number and Bill Gates’ cell phone number,” reads the letter.
“The fact that the previous version of Path was able to gain approval for distribution through the Apple iTunes Store despite taking the contents of users’ address books without their permission suggests that there could be some truth to these claims.”
Apple’s guidelines will now specifically cover address book data. In practice, this will probably mean that users will simply have to give permission to access address data in the same way as location data.