Apple to block third-party access to Notes field in Contacts with iOS 13

Apple's iOS 13 will block third-party apps from accessing the "Notes" field when requesting data from Contacts, addressing a little known but potentially impactful security hole in the company's mobile operating system.

Apple revealed the change in information handling, which addresses concerns over inadvertent data sharing, at its Worldwide Developers Conference in San Jose this week, reports TechCrunch.

Currently, apps that are granted access to a user's address book can pull in a contact's name, phone number, address, email address and more, including data from the Notes field. While many leave the field blank, some use it as a makeshift scratchpad for storing potentially private information.

For example, some users save credit card credentials and PIN numbers, while others might jot down potentially damning opinions or comments about a contact they would rather not see shared.

The Notes field is unencrypted and will remain as such in iOS 13, but the forthcoming OS will, in most cases, deny third-party app access to data stored within.

Apple said that developers who believe they have valid reason for accessing the data field can file for an exception, though the company points out that most apps do not need access to the private information.

Apple is packing a veritable boatload of new additions, updates and modifications into iOS 13, including marquee features like Dark Mode, QuickPath swipe-to-type keyboard and a variety of security enhancements. The software is due for release this fall.

19 Comments

fastasleep 14 Years · 6451 comments

About 5 years ago

I found out a while back that my dad was keeping passwords as entries in Contacts on his iPhone. Very odd.

cornchip 11 Years · 1943 comments

fastasleep said:

I found out a while back that my dad was keeping passwords as entries in Contacts on his iPhone. Very odd.

LoL yikes!

another related thought I had the other day was - it would be nice to be able to select/choose exactly which items of a contact you want to share. So when you tap “share contact” you would get a little pop up where you get to tap which fields will be sent with a “share all fields” button. So if you only want to share just your (or someone else’s) email you tap only that field. Obviously now you can simply long press on a field & copy/paste, but then if you want to share two or three fields it starts becoming cumbersome with the back & forth copying & pasting when it could just be two or three additional taps.

flydog 14 Years · 1141 comments

Any minute someone will chime in that this violates antitrust law and proves Apple has a monopoly.

djames4242 14 Years · 654 comments

Hope they don't do this with MacOS, too. I'm a big fan of BusyContacts and would hate for it to be affected by this.

Rayz2016 8 Years · 6957 comments

fastasleep said:

I found out a while back that my dad was keeping passwords as entries in Contacts on his iPhone. Very odd.

Seen something very similar: a friend keeping PIN numbers next to credit card numbers in his contact card on his phone. He even put spaces in the card number so you could tell it was a credit card number.

Though if Apple is going to try protecting every user from every stupid thing they try to, then at some point in the future they’ll need to stop folk from from switching on their phones.