Update: Apple says that soon apps that use address book data will require explicit user permission to do so, reports All Things D.
Update: As a result of the Path firestorm, two members of Congress have sent a letter to Apple regarding the company's app developer policies and practices, and whether they "may fall short when it comes to protecting the information of iPhone users and their contacts."
Path, a social-media app for iPhones, made many headlines recently after researchers discovered the software was uploading users' contact information from address books without getting their permission to do so. The company has since apologized to users and updated the app so that they can opt out of sharing their address books.
But tech site The Verge has done some additional testing and found that Path was not alone in pulling this information from users without asking. In fact, according to the site:
Stated simply: any iOS app has complete access to a large amount of data stored on your iPhone, including your address book and calendar. Any iOS app can, without asking for your permission, upload all of the information stored in your address book to its servers. From there, the app developer can either use it to help find your friends, store it in perpetuity, or do any number of other things with it.
The Verge checked a number of apps that make use of subscribers' address books and discerned three categories:
- Egregious offenders: Apps that upload address books without asking or informing you. These include FourSquare, a location-based mobile social networking app.
- Clear cases: Apps that upload your address book but do so only when you initiate an action in the app. Examples are the apps for Twitter, Facebook, and LinkedIn.
- Explicit warners: Apps that let you know you're about to upload your address book. This group now includes Path, as well as Hipster (an app that lets you post geotagged digital pictures), and Instagram, a popular photo-sharing app.
There are certainly legitimate reasons for an app to access a user's address book, particularly apps that share things like pictures and locations with friends. But judging by the amount of negative attention Path received recently, most app users would rather be told it's happening and to have the ability to say no. Hopefully more apps will join the second and third groups.
In general, make sure to read through all the permissions requests before you download an app on any mobile platform, tedious though that may be, so you have an idea of what you're getting into and what you may be sharing when you use the app.
For more safety tips. see Consumer Reports Guide to online safety.
5 ways to protect your smart phone
Cell phone apps may be susceptible to data breaches
iOS apps and the address book: who has your data, and how they're getting it [The Verge]