

Your address book is mine: Many iPhone apps take your data - kirbmart
http://venturebeat.com/2012/02/14/iphone-address-book/

======
feralchimp
> On the web, Twitter informs its members that it stores contacts for up to 18
> months, and may use contact information to make “Who To Follow” suggestions.

Twitter is the only one of these services I use, and when I read that line it
took me 5 minutes to decide whether to actually uninstall the Twitter client
from my phone. I decided to try to get this bad news from the horse's mouth.

<https://twitter.com/privacy> contains Twitter's privacy policy. Does it
actually say what the article claims?

TL;DR: No.

The number '18' occurs exactly once. It is used in this context:

 _Log Data: Our servers automatically record information ("Log Data") created
by your use of the Services. Log Data may include information such as your IP
address, browser type, the referring domain, pages visited, your mobile
carrier, device and application IDs, and search terms. Other actions, such as
interactions with our website, applications and advertisements, may also be
included in Log Data. If we haven’t already deleted the Log Data earlier, we
will either delete it or remove any common account identifiers, such as your
username, full IP address, or email address, after 18 months._

The word 'contact' appears 5 times, in these contexts:

1\. _If you have any questions or comments about this Privacy Policy, please
contact us at privacy@twitter.com._

2\. _We may use your contact information to send you information about our
Services or to market to you._

3\. _If you email us, we may keep your message, email address and contact
information to respond to your request._

4\. _If you become aware that your child has provided us with personal
information without your consent, please contact us at privacy@twitter.com._

5\. Page footer: _© 2012 Twitter About Us Contact Blog Status Resources API
Business Help Jobs Terms Privacy_

The phrase 'address book' appears once, in this context:

 _Additional Information: You may provide us with additional information to
make public, such as a short biography, your location, or a picture. You may
customize your account with information such as a cell phone number for the
delivery of SMS messages or your address book so that we can help you find
Twitter users you know._

~~~
hammock
You think what you've quoted from their privacy policy exonerates Twitter, but
you may simply be misinterpreting it.

 _Twitter Inc. has acknowledged that after mobile users tap the "Find friends"
feature on its smartphone app, the company downloads users' entire address
book, including names, email addresses and phone numbers, and keeps the data
on its servers for 18 months. The company also said it plans to update its
apps to clarify that user contacts are being transmitted and stored.

The company's current privacy policy does not explicitly disclose that Twitter
downloads and stores user address books.

It does say that Twitter users "may customize your account with information
such as a cellphone number for the delivery of SMS messages or your address
book so that we can help you find Twitter users you know."

As with many online social services, Twitter allows users to look for friends
that are also registered users. In the case of Twitter's iPhone app, users see
a screen noting that the service will "Scan your Contacts for people you
already know on Twitter." The short description of the feature does not
mention that it also downloads every entry in the address book and stores it.

Twitter's current privacy policy notes that some categories of "Log Data" are
stored for up to 18 months.

"Log Data may include information such as your IP address, browser type, the
referring domain, pages visited, your mobile carrier, device and application
IDs, and search terms," the policy says. "Other actions, such as interactions
with our website, applications and advertisements, may also be included in Log
Data."_

<http://www.latimes.com/business/technology/la-fi-tn-twitter-contacts-20120214,0,5579919.story?track=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+latimes%2Fmostviewed+\(L.A.+Times+-+Most+Viewed+Stories\)>

~~~
feralchimp
> You think what you've quoted from their privacy policy exonerates Twitter,
> but you may simply be misinterpreting it.

Exonerates? Not at all!

My point was just that (contrary to the article) Twitter doesn't make any
claims whatsoever about how long they hold your Address Book data.

In fact, since it's mentioned along with other "data with which users may
customize their account," that sort of implies that they consider it an
integral and permanent part of your customized account profile. If someone
told me that the data stays around until I choose to delete my account, I
don't see anything in the privacy policy that would contradict that.

------
itg
I really think Apple needs to do something here with their next update. For
every company that does the right thing by asking permission first, who knows
how many are being sneaky.

~~~
BillPosters
Agreed. But you're being too kind on Apple. This is the worst privacy breach
from Apple in iPhone's history.

No point blaming app programmers. The functionality for apps to acquire the
address book without asking shouldn't exist.

Dear Apple, thank you for protecting me from adult material in the app store.
But, can you... er, this is awkward... can you NOT GIVE MY ADDRESS BOOK AWAY
WITHOUT MY PERMISSION? Thanks. And sorry for yelling, it's just, y'know, my
address book and all.

~~~
ugh
The app programmers do have to take the blame. Those breaches of privacy have
always been possible on desktop PCs but app programmers usually didn’t do them
because that would make them a pariah.

I do not know why developers for mobile apps suddenly think that has changed.
But they do. That’s certainly a problem and Apple should react to it quickly.
The culprits, though, are still the developers who overstepped a pretty clear
line.

~~~
replax
"Always been possible on desktop PCs"

Well, yes, but unlike on your iPhone you could actively do something against
it. E.g. let Outlook encrypt your address book, change the address book access
permissions etc. It was trivial to bar anyone/thing from accessing your
address book without having to remove the software you want to use.

On the iPhone, you can only choose to install an app or not; if you choose to
install, you have to accept anything that comes with it.

~~~
ugh
Trivial? No, not at all. Not in the slightest.

~~~
replax
I think I did not make my point clear enough. It is trivial to make it
inaccessible to programs that assume that it is easily accessible. I did not
mean to include solely malicious programs.

If you stick your address book into a TrueCrypt container, 100% of programs (I
know there is no 100% security, but there is not enough space to spell out all
99.999999s) will not be able to access it anymore without you
unlocking/mounting it first. Thus, requiring your permission.

------
chubs
What if your address book was hashed (sha1, bcrypt) and then uploaded? In that
case, all that would be uploaded is a list of hashes for the email addresses
or phone numbers of people I know.

Then, when another person signs up for an account, it's easy to see who they
should suggest they should join, but nowhere is any personal data being
stored.

Sounds like it'd work to me?

~~~
DenisM
It would take laughably small time to bruteforce the phone number out of a
hash. Knowing the algorithm I can compute all possible 10,000,000,000
combinations and store them in one file.

Same goes for hashing IPv4 addresses. There is no way to make either one
secure by hashing.

~~~
chubs
You're right in the case of SHA1. However, with a suitable work factor, you
can't bruteforce bcrypt AFAIK

~~~
harryh
1) bcrypt uses salts so that won't work at all

2) if you use some other computationally expensive hash you run into the
problem of low powered mobile hardware. Remember you're not hashing 1 thing,
but dozens or hundreds of phone numbers or email addresses.

~~~
chubs
You know, I think you're right - if we use different salts for each
email/phone, there'd be no way of ensuring that different users use the same
salts, or even if we stored the salt along with the hash, it wouldn't be much
use. Hmm this is a tricky problem!

------
shalmanese
I don't think anyone has ever had a problem with explicitly asking and
allowing users to opt-out. Apps that do that shouldn't be lumped in with the
other ones.

~~~
unfletch
Which ones are lumped in? Facebook and Instapaper are explicitly mentioned as
examples of apps that prompt for permission before accessing the address book.
Instagram, Foursquare and Path's prompts are only mentioned in passing, but
those apps only added a prompt after the original story broke a week or so
ago.

------
donohoe
Upload or Store?

Path stored the data but I know 4sq does a search against it but does not
store it. That can make a huge difference...

~~~
baddox
How so? For one thing, there's no way to know if they're even being honest
about whether they store the data.

~~~
harryh
That's certainly true, but at some level you have to trust us right? Consider
that the whole basis of foursquare is that you're telling us where you're
going or using us to figure out where to go next. That information is probably
a lot more sensitive than your address book.

I think we've earned that trust over the past 3 years, and will continue to
earn it over and over again into the future by sticking to our word and being
transparent about what happens to your data when you send it to us.

I'm not sure how else it could work?

~~~
baddox
That's essentially what I'm saying. Installing an app on a phone with
personal information is implicitly trusting the developers of that app. At
least for technical people, it would be foolish to blindly trust a phone
manufacturer's sandboxing and policies.

------
anigbrowl
I don't think those firms necessarily view this behavior as 'broken' to begin
with.

------
yuhao
That instagram screenshot clearly shows that the transmission is over https,
which means that the whole "susceptible to would-be interceptors" thing
is invalid. That is, unless you're under attack by a man-in-the-middle proxy. If
this is the case, then you have bigger issues on your hands. The foodspotting
screenshot is over plain http, though, so it IS susceptible to a normal
eavesdropping attack.

------
barce
There's a fine difference between uploading and storing, and uploading and not
storing.

The issue with Path is that they stored the data. Instagram and 4Square do
not. They have to re-crunch the "numbers."

------
motoford
You know how every once in a while you hear about some celebrity's phone
getting "hacked" and their contact list stolen?

HHmmmmm........

------
v-yadli
"All your address books are belong to us!"

------
Intermernet
Just wondering if you could:

1\. Hash first on the device (SHA-2, no salt) after converting to common case
and removing extraneous characters from contact data.

2\. Send hashes over secure connection (SSL, TLS).

3\. Hash again on the server (SHA-2, salted with value known only to service
provider).

4\. Delete all data a reasonable time after comparison / mapping is done.

This way, although it's not unbreakable, there are the advantages of:

\- Encrypted, pre-hashed data over the wire.

\- Easily comparable data on the server.

\- _Reasonably_ secure server side storage as long as the salt is secured.

Dumb idea?
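
The four-step scheme above, together with the keyspace objection raised earlier in the thread about hashed phone numbers, as an added example that is not part of any comment here. Assumptions: HMAC-SHA-256 stands in for "SHA-2 salted with a value known only to the service provider", and the key, contacts, usernames and function names are constructed for illustration.

```python
import hashlib
import hmac
import re

SERVER_KEY = b"constructed-demo-secret"  # assumption: known only to the provider

def normalize(contact):
    """Common case, extraneous characters removed (prep for step 1)."""
    contact = contact.strip().lower()
    return contact if "@" in contact else re.sub(r"\D", "", contact)

def device_hash(contact):
    """Step 1: unsalted SHA-256 on the device."""
    return hashlib.sha256(normalize(contact).encode()).hexdigest()

def server_hash(wire_digest):
    """Step 3: keyed re-hash on the server (HMAC replaces 'salted SHA-2')."""
    return hmac.new(SERVER_KEY, wire_digest.encode(), hashlib.sha256).hexdigest()

def build_index(registered):
    """Server-side lookup table: keyed hash -> username."""
    return {server_hash(device_hash(c)): user for c, user in registered.items()}

def match(wire_digests, index):
    """Re-hash uploaded digests and return the registered users they map to."""
    hits = (index.get(server_hash(d)) for d in wire_digests)
    return sorted(u for u in hits if u)

def recover_phone(digest, prefix, digits):
    """Enumerate the number space behind a known prefix against a digest."""
    for n in range(10 ** digits):
        candidate = f"{prefix}{n:0{digits}d}"
        if hashlib.sha256(candidate.encode()).hexdigest() == digest:
            return candidate
    return None

# Constructed sample data.
REGISTERED = {"(555) 010-0123": "alice_demo", "Bob@Example.com": "bob_demo"}
ADDRESS_BOOK = ["555.010.0123", " bob@example.com", "555-010-9999"]

if __name__ == "__main__":
    wire = [device_hash(c) for c in ADDRESS_BOOK]
    print("matches:", match(wire, build_index(REGISTERED)))
    print("from wire digest:", recover_phone(wire[0], "555010", 4))
    print("from stored digest:", recover_phone(server_hash(wire[0]), "555010", 4))
```

Matching works across formatting differences, but the digest that leaves the device is still reversible by anyone who receives it, so the scheme's protection rests on TLS in transit and on the server key and deletion policy at rest.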

------
gojomo
Twitter also does it as part of the special iOS5-privileged settings panel:

[http://cache.gizmodo.com/assets/images/4/2011/06/ios5twitter...](http://cache.gizmodo.com/assets/images/4/2011/06/ios5twitter2.jpg)

That must have had close Apple review as part of the official iOS/Twitter
integration.

The explanation underneath the 'Update Contacts' button is somewhat
reasonable, though it may not register with most people that, barring some
unlikely fancy indirection, to 'use' email addresses and phone numbers means
they're being reported to Twitter's servers.

------
dcosson
Honestly, I don't understand the fuss. I thought everyone had figured out and
come to terms with the fact years ago that social media is all about gathering
as much data as possible. The degree of precision with which Facebook,
Twitter, LinkedIn, etc. recommend "people I might know" makes it pretty
obvious that they know a lot about me, regardless of where they got the
information from. And I don't blame them in the least - these are all free
consumer apps that can only exist by having a _lot_ of users, so if they can
get a few more by utilizing data that is right in front of them they'd be
crazy not to use it. If anything, people should be angry at Apple. Considering
how notoriously annoying their approval process is for the sole purpose of
protecting their users, they probably should have made app permissions more
explicit or let users opt out of individual permissions like Facebook recently
started allowing.

Additionally, nobody has touched on the fact that companies can use address
books to prevent fraudulent use. For most of the companies listed there isn't
too much to be gained from fraudulent use. But you can imagine for services
that frequently have to address fraud and, say, don't want a single user to
have multiple accounts or that want to make sure all their accounts are owned
by real people, doing things like cross-validating address books can be very
useful. This can still be done if you hash the names and phone numbers before
uploading them, though, which is maybe what everyone should be doing.

tl;dr Data is money/power these days, it's strange that people are shocked by
companies making use of all the data they have access to.

~~~
feral
If you come home from work some day, to find Facebook employees going through
your dumpster, are you going to be ok with that?

Probably not, right? You know they want to gather as much data as possible,
but you are angry, because you never gave them permission to go through your
trash.

I think that's how some people feel if an application goes through their
phonebook, when they didn't give it permission to; the phonebook is not
information people consider public; it's privileged. That's where there's a
fuss.

~~~
dcosson
That's a reasonable analogy, but I still think the anger should be directed at
Apple. The way I see it, it's like I told my friend to watch my sandwich for a
minute and I come back and someone else is eating it because my friend had
handed it to him. I'm going to be mad at my friend; the other guy took
advantage of an opportunity to get a free sandwich, which I can hardly blame
him for.

~~~
BillPosters
Analogy isn't needed at all. Address book uploaded without permission...
enough said. To your second point, I agree, Apple should have a setting on the
iPhone that denies ANYONE but the owner of the iPhone access to the address
book. In addition, each app should be forced to ask for permission to use
contacts. The ball is in Apple's court to explain.

