

Apple will require apps to ask users for permission to address books - bproper
http://allthingsd.com/20120215/apple-app-access-to-contact-data-will-require-explicit-user-permission/

======
st3fan
"After a week of silence, Apple has finally responded to reports..."

"Better late than never..."

Why do people expect that Apple respond realtime to these kinds of things?

These are complex issues and tough decisions that need lots of thought and
discussion within the iOS teams at Apple. These things take time.

Remember, iOS is deployed to how many devices now? 100 million? Do you think
they can come to conclusions in between two tweets?

Honestly, having an answer ready in a week is not bad at all I think.

~~~
pja
_Why do people expect that Apple respond realtime to these kinds of things?_

I think people believe that Apple should have considered the privacy
implications of allowing Apps unfettered access to user contact data years
ago, rather than only reacting when it becomes a PR issue that user-data is
being misappropriated by shady App developers who appear to believe that
making money is more important than the privacy of their users.

(My personal guess is that they _did_ think about it, after all they
introduced Location access permissions with iOS 2.0, but decided that an
Android-style permissions matrix would put off end-users. In other words, I
suspect that Apple made exactly the same decision that their App developers
did: ease-of-use was more important than user privacy.)

~~~
Tyrannosaurs
I think you're absolutely right, but I think the point kind of still stands - when
evidence appears that challenges your agreed position, you should still
consider it properly before responding rather than make a knee jerk reaction.

------
buff-a
_17.1: Apps cannot transmit data about a user without obtaining the user’s
prior permission and providing the user with access to information about how
and where the data will be used_

_3.3.9 You and Your Applications may not collect user or device data without
prior user consent, and then only to provide a service or function that is
directly relevant to the use of the Application, or to serve advertising. You
may not use analytics software in Your Application to collect and send device
data to a third party._

So. These apps will be removed from the app store immediately, yes?

It is my understanding that a person's address book can be a trade secret, and
is protected by law.

------
frankus
The whole Address Book framework on iOS seems to have gotten the shit end of
the doody stick when they were handing out skilled programmer-hours at Apple.

For example it's inexplicably implemented as a bunch of low-level Core
Foundation calls even though it's not remotely a performance bottleneck in any
conceivable use case and 90% of the apps using it immediately wrap every query
result in some kind of half-baked Objective-C container. And although 99.9% of
the code using it wants to use it as a simple contacts database, the APIs are
designed to be as general as possible and thus are even more needlessly hard
to use.

My guess is there has been a "Do something about Address Book on iOS" item on
Apple's to-do list for the last couple of years and this permission business
always got pigeonholed under that item, until this latest shitstorm demanded a
short-term fix.

It's going to be interesting how they implement this for existing apps, since
there is no "The user said 'No'" return value for any of the APIs. I guess
they're just going to have to return an empty address book or a "record
deleted" result code when the user declines access for an app.

~~~
antonyh
It would be interesting to see what might happen in either of those use-cases
for an app which syncs address books with a remote service, such as Google,
Yahoo! or CRM tools. It's entirely conceivable that if a user hits no it could
have ramifications to other systems which wouldn't expect either of these
results.

------
ary
A few years ago developers were bemoaning all the arduous controls as hurdles.
Today people cry out for them. I, for one, am thankful that people are at
least expecting a higher standard.

~~~
rmc
And a few years ago people were telling us that we needed Apple's strict
guidelines to prevent rogue apps from doing this sort of evil behaviour.
Apple's rules are ineffective.

~~~
ambler0
Doesn't the fact that companies like Path are exploiting people's address book
information illustrate that we _do_ need such strict guidelines?

So Apple didn't make enough rules. That doesn't mean that the existing rules
were ineffective. I just don't understand your criticism here.

~~~
drivebyacct2
The flaw seems pretty obvious here.

AppStore = lots of "walls/rules", supposed protection, apps have free access
to contacts

Market = few "walls/rules", but accessing contacts was a declared and required
permission attribute

Apple's walled garden did nothing to prevent apps from freely helping
themselves to contacts without user interaction or notification. Android
didn't have to curate to solve this problem, they simply implemented it
"correctly" at the platform level on the first go.

Frankly, I'm not sure what I think of this criticism of Apple anyway. Where is
it declared that your Address Book is absolutely secret information? Windows
doesn't protect my Thunderbird contacts, hell, Thunderbird doesn't even try
to. Yet I don't blame them for spyware that steals that information. Quite
honestly it scares me how much people are totally okay with being dependent on
Apple and running to them for protection. It's a losing game this way. There
will always be some sort of information, even if acquired via the user or
declared permissions, that we won't expect them to want/use/sell. We should be
focusing on expecting more "ethical privacy" stances by the companies that
write these apps.

(My scare quotes aren't commentary so much as they are me trying to stay
neutral. I don't know what is the "right" position on these things, frankly I
don't worry about this aspect of my privacy that much, and I'm currently with
an Android phone.)

edit: I guess my post changes a bit if it really was against the Apple
Developer agreement to do this. I guess I would be miffed that they weren't
enforcing and protecting against it.

~~~
gurkendoktor
> Quite honestly it scares me how much people are totally okay with being
> dependent on Apple and running to them for protection. It's a losing game
> this way.

They build the OS, why shouldn't they protect me? Is there a practical
alternative?

> We should be focusing on expecting more "ethical privacy" stances by the
> companies that write these apps.

I agree, but many people expect stuff to be free and ad-driven. As soon as an
otherwise honest developer drops in a fishy Ad framework, it's basically game
over. I would be surprised if none of them would send AB data over the wires.
They certainly send everything else they can get.

------
jinushaun
I'm an iOS developer and I can't believe it has taken Apple so long to
implement a security popup when accessing the address book, or that adding
address book support doesn't require the developer to declare in the
info.plist that this app needs access to it.

------
tferris
Android has had this feature for years or call it a very granular and
understandable permission system for apps.

(Don't want to start a flame war and I am not really an Android fan)

~~~
lawnchair_larry
Android's permissions model doesn't work at all. Every app asks for a ton of
permissions at install time. You can't install the app without saying yes, and
every app asks for far more than it needs.

In theory, it is good, but in practice, it's broken.

The iOS way installs the app, but denies access to the resource.

~~~
bentlegen
Funny – if I see an Android app requesting a permission that I'm not
comfortable with, I just don't install it.

How do you expect this to work otherwise?

~~~
falling
On iOS if you want to use Facebook but don’t want to grant it permission to
access your location, you can still install and use the app and just deny it
when the permission is requested.

~~~
reddit_clone
It didn't do jack for addressbook stealing apps though.

You are representing it as though Apple asks for user's permission for every
sensitive resource.

------
dan1234
Well, better late than never. I still don't get why this wasn't in from the
very beginning, considering the protection covering the location and camera
roll.

~~~
brudgers
The cynical side of me thinks it was to foster the development of free and low
cost apps in lieu of encouraging development of a mobile web accessible to
devices from many manufacturers...the business side of me does as well.

~~~
gurkendoktor
Apple has previously erred on the side of the web too when their Safari form
autocomplete leaked address data. I don't think we need a conspiracy theory
for everything.

------
feralchimp
Welcome news, and hopefully the existing entitlements system will allow this
change to be made quickly and clearly.

More granularity might be nice also. They could have a separate "names only"
entitlement, or allow users to identify address book contacts / fields that
should never be shared; that are redacted in content returned by the
underlying APIs.

Important to note that this still does not address the wholesale detailed
export and persistence of contact data by developers. Could be opp for a new
provider there.

~~~
sshumaker
Granularity comes with a cost: complexity. Complexity which would be foisted
on the end-users. It's a slippery slope - you can quickly end up with android-
style permissions, where the user has to understand (and usually doesn't)
dozens of options.

I doubt Apple will go this route.

~~~
moe
Android's permission system would be great if it wasn't for the one fatal
flaw: Some idiot decided to make it declarative instead of deductive.

This is one of these fundamental bugs where you can only wonder what they are
smoking at google.

Instead of automatically scanning the code for actual API calls ("Ah, trying
to send SMS here") they require the developer to manually declare their
desired permissions in a separate manifest-file.

Unsurprisingly this has led to the current situation where every little
"wallpaper clock" app demands every permission under the sun, and then some,
_without ever actually using them_. Developers are just dumb and lazy like
that, go figure...

So, my point is, android-style permission granularity is not a problem at all.
Just make sure "can read phonebook" translates to _will actually read your
phonebook_ (hopefully soon in iOS) instead of _developer is probably
incompetent_ (Android).
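
Added example, not part of the comment above and not Android's own tooling: a sketch of the declared-versus-actually-used comparison described there, which flags permissions an app requests in its manifest but never exercises. The manifest, the Java source and the small API-to-permission table are constructed for illustration; a regex scan is only a rough approximation and misses reflection and native code.

```python
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumption: a tiny hand-written map from API call patterns to the
# permission each call needs. A real audit needs a far larger table.
API_PERMISSIONS = [
    (r"\.sendTextMessage\s*\(", "android.permission.SEND_SMS"),
    (r"ContactsContract\.Contacts\.CONTENT_URI", "android.permission.READ_CONTACTS"),
    (r"\.requestLocationUpdates\s*\(", "android.permission.ACCESS_FINE_LOCATION"),
    (r"\.openConnection\s*\(", "android.permission.INTERNET"),
]

# Match string literals first so "http://..." is not mistaken for a comment.
_TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|//[^\n]*|/\*[\s\S]*?\*/')


def strip_comments(src):
    """Blank out Java comments but keep string literals intact."""
    return _TOKEN.sub(lambda m: m.group(0) if m.group(0).startswith('"') else " ", src)


def declared_permissions(manifest_xml):
    """Permissions listed in <uses-permission> elements of the manifest."""
    root = ET.fromstring(manifest_xml.strip())
    return {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}


def used_permissions(java_source):
    """Permissions implied by API calls that appear in live (uncommented) code."""
    code = strip_comments(java_source)
    return {perm for pattern, perm in API_PERMISSIONS if re.search(pattern, code)}


def audit(manifest_xml, java_source):
    declared = declared_permissions(manifest_xml)
    used = used_permissions(java_source)
    return {
        "used": used,
        "unused": declared - used,      # requested but never exercised
        "undeclared": used - declared,  # called but not requested
    }


# Constructed sample: a "wallpaper clock" that asks for far more than it uses.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.clock">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
</manifest>
"""

SAMPLE_SOURCE = """
public class Clock {
    void fetchSkin() throws Exception {
        // smsManager.sendTextMessage(num, null, "hi", null, null);
        new java.net.URL("http://skins.example.invalid/clock.png").openConnection();
    }
}
"""

if __name__ == "__main__":
    for kind, perms in audit(SAMPLE_MANIFEST, SAMPLE_SOURCE).items():
        print(kind, sorted(perms))
```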

~~~
xsmasher
Better yet, have the OS ask for the user's permission _when the call is made_
like iOS does for GPS and push notifications.

Then you'll only bug the user if they use a feature that requires the call,
instead of giving a list of permissions when the app is installed.

~~~
skeletonjelly
LBE Privacy Guard does this for Android (requires root though)

[http://www.appbrain.com/app/lbe-privacy-guard/com.lbe.securi...](http://www.appbrain.com/app/lbe-privacy-guard/com.lbe.security.lite)

Should be baked in IMO.

------
dredmorbius
And how is Apple going to go about securing the permission _the people LISTED
in the address book_ for their personal data to be harvested.

Address books are out of bounds. End discussion.

Permission fail.

~~~
artursapek
Considering all the apps that like to use the phone numbers and emails to help
new users find their friends using the app it's a difficult decision.

I think a good compromise would be allowing an app access to phone numbers or
emails without the rest of the information, eg whose number that is, their
street address, etc. Then, giving your own number when you sign up could be an
option. That way a new user's app could connect them to those friends of
theirs who have opted to attach their name to their number.

------
cewawa
Seems to me the flaw in the plan here is that we're talking about asking the
user for permission, when we should be asking the contact. I don't want Path
to have my contact details, but anyone who has me in their address book is
able to provide them. Asking the user for address book permission doesn't fix
that.

~~~
harryh
You're basically asking for DRM on your contact details. That's not going to
work.

~~~
cewawa
Um, you proposed "DRM on your contact details", not me.

~~~
harryh
If you give your contact information to another person but want to
technologically restrict how that information can be disseminated after that
you are asking for DRM.

~~~
cewawa
My comment wasn't asking for anything. I was pointing out that an "allow
access to address book" dialog wasn't going to solve the underlying problem,
which is that unlike location services, the data you are giving access to is
someone else's.

------
siculars
You had to see this coming. Nice to see Congress stepping in and up for the
consumer. Can't wait for Apple's detailed reply.

~~~
bradleyland
Really, because frankly, I don't want Congress mucking about in this matter.
There's been tremendous consumer backlash over this issue. Application
developers and Apple are forming a response that looks pretty positive. The
Congressional involvement, from my perspective, is just a meaningless dog &
pony show. It won't have any bearing on the outcome.

I really dislike the line of reasoning that the government should step in any
time a company makes a mistake. If something egregious is happening, then
let's get the government involved, but what we _don't_ need, is Washington
getting their panties in a wad and trying to craft some new legislation. We
all know how that turns out.

~~~
Aaronontheweb
Law should always be the option of last resort for fixing a problem, never the
go-to under most circumstances.

Laws do not go away in the United States - they can get overridden or re-
interpreted by judges, but they never leave the books once they're on them.
Part of the reason why our legal system has so many pitfalls is that laws
written in bygone eras intended for use-cases that no longer exist can be
interpreted and applied to modern scenarios.

Consumers should vote with their feet and wallets by using different apps that
don't misuse their contact information or perhaps a different mobile platform
altogether.

------
ansy
About time. Long overdue.

But how soon is actually soon? 5.0.2 soon? Or 5.1 soon?

I can only wonder how many app developers need to update their apps to remove
unnecessary and shady looking address book access. Even worse, I wonder if any
popular libraries are slurping address book data that developers don't even
know about. Analytics and advertising companies in particular surely couldn't
have resisted taking a peek could they? How can you even tell if someone zips
up and encrypts your address book? Maybe if you have a jail broken phone
modified to detect that, but that's pretty unlikely. Look how many people use
Path and we're just now getting wind of it.

------
xsmasher
I'm surprised that Apple didn't do this four years ago, when an iPhone game
was found doing the same thing (and transmitting the data in cleartext.)

[http://isource.com/2008/07/23/aurora-feint-removed-from-app-...](http://isource.com/2008/07/23/aurora-feint-removed-from-app-store-over-privacy-concerns-hopefully-to-return-soon/)

The game was removed, but the (obvious) policy change wasn't made.

------
smackfu
This kind of thing really requires good faith efforts from both Apple and the
developers. A system-generated prompt for your address book is not
particularly useful if it comes up on first launch of the app with no
explanation why the app wants the data, like a lot of apps do with location
services today.

~~~
nimblegorilla
If an app asks for location information I usually deny it. I would do the same
thing for my address book and photos if I had the ability.

Almost all of the apps I use have no reason to need my addressbook data so it
would be nice to know that none of those are secretly stealing it.

------
sutro
With Congressional involvement this disturbance has now been upgraded to a
Category 4 Shitstorm.

------
zak_mc_kracken
The question is: why wasn't this permission asked since version 1.0 of iOS?

Android has had it since day one, isn't it common sense to assume that users
might want to approve such access?

<shakes head>

~~~
antonyh
What Android doesn't have is the ability for the user to deny permissions. It
does inform the user when installing the software, but there's still no way I
can control permissions of Application X and disable its access to contacts,
SMS, and so on.

iOS gives every app the same rights, Android presents a list of permissions
without the ability to disable any of them. What's the difference? I suspect
that the vast majority of users don't read that list anyway and just click
through. Those that do read it and understand it have only two options - ok to
everything, or don't use the app.

------
yabai
It is ironic that Apple is supposed to be protecting us by having very rigid
policies for what does and what does not enter the app store but they let an app
access contact data without permission from the user!

------
polemic
Will existing [installed] apps be required to ask for permission if it has not
previously been explicitly granted? Or will they effectively be exempt?

------
jackalope
Would it make sense to store addresses in the Keychain?

------
funkah
So, developers will do their contact stealing with Mac or Windows apps
instead. Better than nothing.

~~~
watty
There are much more valuable files to steal off a computer than a phone. The
reason you won't see it (often) is because it's so much easier to watch
traffic on your computer. Any company doing this would be taking a huge risk
and would likely be caught within a day.

------
billpatrianakos
I'm torn on this issue. A part of me fears for developers. The practice of
uploading address books is not a new phenomenon but suddenly over the past
week everyone has jumped on it as if it's some brand new conspiracy to invade
our privacy. It didn't hurt anyone before this became a hot news story and I'm
confident that more than a handful of people knew about it before then too.
But there's a very valid concern about it nonetheless so putting aside the
issue of whether it's alright to upload the user's address book at all in any
way this issue still makes me fear for developers.

I'm afraid because it seems like these days everyone wants their apps for free
with absolutely no strings attached. There's an entitlement on the web that
you don't see anywhere else. On the web we expect to get the best, coolest,
most entertaining, problem-solving, pain-point-eliminating products and
services free and we expect the providers of those products and services to
bend to our will in the way they operate too. So let's give the critics this
one and say that yeah, it's absolutely necessary to ask permission first
before accessing the iOS address book. Okay but what's next? We're used to
going nuts about slippery slopes when it comes to the user but what about some
companies? They're not all evil like some would make them out to be. Are we
going to demand that Google stop showing ads because they're confusing or
annoying when mixed with organic results? Will we demand the ability to post
to Facebook and Twitter.. _anonymously_? Will we band together and force
companies to add features that muddy already good products because a noisy few
were, well, really noisy?

That's what I fear. I fear that the balance of power between users and
developers will swing too far in the user direction. Make no mistake, I'm not
saying a service provider should be able to do whatever it pleases with no say
from users. I do believe, however, that there needs to be a balance of power
(or influence, whatever you want to call it) and that balance should never
swing too far in either direction. It's not often that I hear "I don't like
that company/developer/service provider X is doing Y so I quit using them".
Instead I often hear "they're doing X and I hate it so come complain with me
and let's make them change that". That's fine a lot of times but I'm afraid
that at some point people's sense of entitlement will grow too large and there
will be outrage where none is needed and where the best course of action for a
small minority would be to quit using X while the majority who are alright
with it continue. In some cases like Google and Facebook the service has
become so ingrained in our lives that it's hard to just quit using it and in
those cases I'm willing to forgive a lot of seemingly frivolous outrage but in
other cases it wouldn't be _that_ awful to find an alternative.

I just wonder if one day the frivolous outrage of a noisy minority will ruin a
product or service for the very content majority.

~~~
monochromatic
1. This is far from frivolous.

2. The "very content majority" are just people who, reasonably enough, never
even thought about the possibility that apps were doing underhanded things
like this.

~~~
Turing_Machine
Exactly.

Think of it this way:

A salesman is visiting a customer's home or office. The customer goes to the
bathroom. When the customer comes back, he finds the salesman has picked up
the customer's phone, called another salesman back at headquarters, and is
going through the contact list and reading all the info out to the other
salesman.

Will the customer be happy? No, he will not.

Will he be satisfied if the salesman then issues a non-apology apology ("we're
sorry if you were offended"), claims that he was only doing it to "help the
customer connect better", or tries to blame it on the customer and/or the
phone manufacturer because the information wasn't locked? No, he will not.

In general, right and wrong don't change just because the action is carried
out by software rather than direct human intervention.

------
brador
Can users who were affected by this still sue them for anything?

~~~
monochromatic
Sue Apple?

~~~
brador
Apple or the companies that used this "feature"...

Maybe under EU privacy laws?

~~~
objclxt
Sue them for what? What damages have you suffered here? And why would you sue
Apple instead of the developers?

------
richardlblair
It's about time. It is their platform, their OS, and their users. It is their
responsibility to respond to potential threats accordingly. This is the right
thing to do.

Good decision Apple.

------
Francisc
Oh they caught on to this _minor_ security issue. Well done Apple.

------
ugh
That’s really annoying. If so many developers weren’t so stupid and evil,
strict guidelines from Apple and social pressure could easily solve this.
Isn’t that how it’s solved on the desktop (minus the guidelines)?

Yes, I can see that an App Store makes it easier for people to install all
kinds of apps. (I can also see that more people are going to have more
extensive address books on their mobile phones compared to their PCs.) There
isn’t really a handful of developers anymore (like there were on the Mac for
the longest time) who you know you can trust.

And yes, spyware was also a problem on the desktop – but usually not one for
high profile apps. If the developer was big and had something to lose you
could be somewhat certain that they were not going to sell you out.

But no. More dialogs everyone will ignore anyway. Not a real solution by any
stretch of the imagination.

