A largely unnoticed change in the revised App Store Guidelines Apple issued during WWDC was a ban on developers building their own databases with collected contact info, and/or sharing them without further permission.
Until the revised guidelines were released last week, iOS developers only needed to secure initial permission to harvest contact data, Bloomberg noted on Tuesday. iOS Contacts can contain not just phone numbers and email addresses but other saved information such as photos and birthdays.
"The address book is the Wild West of data," one anonymous developer explained prior to WWDC. "I am able to instantly transfer all the contacts info into some random server or upload it to Dropbox if I wanted to, the very moment a user says okay to giving contacts permission. Apple doesn't track it, nor do they know where it went."
Under the new rules, developers are not only barred from creating, sharing, or selling databases based on harvested contact info, but must also use contact data strictly for the purpose they state unless they get further permission.
Likewise, apps can't contact people "except at the explicit initiative of that user on an individualized basis," and must offer message previews.
Apple will likely have a difficult time enforcing the new policy, but should be able to wield it when it learns of privacy breaches through media reports and security researchers.
The company has dealt with a number of contact-related privacy issues in the past, most famously a 2012 controversy over Path. The app was found to be uploading contact lists without permission, an incident which ultimately led to some of Apple's tighter restrictions. The U.S. Federal Trade Commission sued Path, eventually settling out of court, but Apple CEO Tim Cook reportedly dressed down Path's CEO in person during the debacle.
36 Comments
I personally think a user’s Contacts should be unattainable on iOS. No apps should be left near them. Completely sandboxed and locked down, as safe as a user’s unlock password. It’s one of the reasons I refuse to use WhatsApp, for example. I will never give my contact book to any app... ever. Apple should rethink this. It’s serious.
Fuck Facebook... fuck snapchat... fuck Twitter... fuck WhatsApp. Fuck them all. They should not have our contacts and be able to determine who we know and where they live and likely relationship—those details are private and no business of any corporation. I remember about four years ago when I re-signed up for Facebook, they told me: “here are some people you might know”, and it was cousins and friends and relations. Because others clicked a button on their phone these companies get my private data? I don’t think that’s very fair, safe, private, and I think long term it’s a recipe for disaster, tbh. These companies should not have our contact data.
As soon as FB asked me if it could use my mobile number as contact displaying it I removed the FB application from my phone altogether and it will not come back. I can use it on PC or iPad, but mobile phones will never see FB or similar apps. That went too far. Also I will never get why scam call detection apps ask to access my contacts. They need to access blocked numbers on my phone in the first place - they are not getting any info about my contacts. I agree contacts should be secured additionally and apps should never ask for access to them in order to function properly. Now with GDPR in life since May some may be careful about abusing this information as it may end up in court in European Union... regardless if you ask for access in the USA or elsewhere.... so do not ask if you do not want to be forced to show up in court in EU.
FINALLY!!!!
I would like to share the phone number contacts I've blocked. Shirley someone can make an app to share that database that then allows a user to import blacklisted numbers to be blocked.
That’s going to hurt WhatsApp. It won’t allow you to do anything unless you grant it access to search your contacts.