|

Path and its aftermath: Which iOS apps access your contacts?

Consumer Reports News: February 15, 2012 10:53 AM

Update: Apple says that soon apps that use address book data will require explicit user permission to do so, reports All Things D.

Update: As a result of the Path firestorm, two members of Congress have sent a letter to Apple regarding the company's app developer policies and practices, and whether they "may fall short when it comes to protecting the information of iPhone users and their contacts."

Path, a social-media app for iPhones, made many headlines recently after researchers discovered the software was uploading users' contact information from address books without getting their permission to do so. The company has since apologized to users and updated the app so that they can opt out of sharing their address books.

But tech site The Verge has done some additional testing and found that Path was not alone in pulling this information from users without asking. In fact, according to the site:

Stated simply: any iOS app has complete access to a large amount of data stored on your iPhone, including your address book and calendar. Any iOS app can, without asking for your permission, upload all of the information stored in your address book to its servers. From there, the app developer can either use it to help find your friends, store it in perpetuity, or do any number of other things with it.

The Verge checked a number of apps that make use of subscribers' address books and discerned three categories:

  • Egregious offenders: Apps that upload address books without asking or informing you. These include FourSquare, a location-based mobile social networking app.
  • Clear cases: Apps that upload your address book but do so only when you initiate an action in the app. Examples are the apps for Twitter, Facebook, and LinkedIn.
  • Explicit warners: Apps that let you know you're about to upload your address book. This group now includes Path, as well as Hipster (an app that lets you post geotagged digital pictures), and Instagram, a popular photo-sharing app.

There are certainly legitimate reasons for an app to access a user's address book, particularly apps that share things like pictures and locations with friends. But judging by the amount of negative attention Path received recently, most app users would rather be told it's happening and to have the ability to say no. Hopefully more apps will join the second and third groups.

In general, make sure to read through all the permissions requests before you download an app on any mobile platform, tedious though that may be, so you have an idea of what you're getting into and what you may be sharing when you use the app.

For more safety tips. see Consumer Reports Guide to online safety.

Related:
5 ways to protect your smart phone
Cell phone apps may be susceptible to data breaches

iOS apps and the address book: who has your data, and how they're getting it [The Verge]

Carol Mangis

   

E-mail Newsletters

FREE e-mail Newsletters! Choose from cars, safety, health, and more!
Already signed-up?
Manage your newsletters here too.

Electronics & Computers News

Connect

and safety with
subscribers and fans

Follow us on:

Cars

Cars New Car Price Report
Find out what the dealers don't want you to know! Get dealer pricing information on a new car with the New Car Price Report.

Order Your Report

Mobile

Mobile Get Ratings on the go and compare
while you shop

Learn more