
Apple now requires user permission in iOS 6 before apps can access private data - cleverjake
http://9to5mac.com/2012/06/14/apple-now-requires-user-permission-in-ios-6-before-apps-can-access-private-data/
======
Smudge
> In iOS 6, the system now protects Calendars, Reminders, Contacts, and Photos
> as part of Apple’s data isolation privacy initiative.

This shouldn't be an "initiative." This should have been a standard practice
from day one.

~~~
sp332
I think the idea was that you wouldn't install apps on your phone that you
didn't trust. Obviously that didn't turn out to be practical so now they're
adding more fine-grained control.

~~~
Ralith
> the idea was that you wouldn't install apps on your phone that you didn't
> trust

We've known this doesn't work out on PCs for years; why would phones be any
different?

~~~
Someone
This phone has a much more restricted installation experience. There is only
one installer, and Apple knows who to blame if any of the software it installs
turns out to be malware.

I think the idea was that that tractability would deter people from trying to
put malware on the App Store.

And that has worked reasonably well. Yes, there were several cases of apps
that did not inform users that they uploaded data to implement features they
advertised, but I am not aware of downright malware (say a fart app that
uploads you address book to some server), and yes, Charlie Miller got a
nefarious app on the App Store, but that malware was traceable back to him.

The thing Apple did not think through well enough is the privacy issue. Users
can feel uncomfortable about apps uploading their data, even if that is
necessary to implement app functionality, because they may not trust the app
writer to do nothing else with the data.

~~~
lotu
Also the personal information is more limited. At first the only "personal"
information was my name and the name and phone numbers of my friends. This
information is available (in theory) in a phone book.

------
gte910h
As an iPhone dev, I've wondered why they didn't do this since way back when
they added GPS in 3.0 with its permission popup.

~~~
adamjernst
Address Book has always been a C API, not an Objective-C API, for legacy
reasons. I suspect that had a lot to do with it.

------
e40
Let's hope this goads Google to do the same thing in Android.

~~~
timdorr
They already do this to an extent with permissions. It's not as in-your-face
about it, but it's certainly far more fine grained (read vs. write access,
more services have permissions, etc.)

~~~
zmmmmm
Not really. There are virtually no permissions that can be approved on a case
by case basis in Android. Google claims that interactively approving
permissions will make life "too complex" for developers. I hope this inspires
them to be a little more open minded about it. There are so many useful but
optional features of apps that need intrusive permissions (eg: read your
contacts) - but apps need to request blanket permissions to them up front,
which is just silly. I think developers can handle a little if-else logic
especially if the trade-off is they can avoid the stupidity of having to push
multiple versions in to the app market just to cater for different permission
requirements.

~~~
StavrosK
You can (and should) install LBE privacy guard. If you don't want an app to
access, say, your contacts list, it gets an empty contacts list.

~~~
sjwright
Yay, I enjoy being a systems integrator for my mobile phone.

Not.

~~~
StavrosK
How are you being a systems integrator? Or do you mean you need an app that
reads your mind as to what permissions to grant?

~~~
sjwright
If I have to download and configure a custom application into my toaster in
order to choose whether I permit raisin bread, I'm being a toaster systems
integrator.

"This isn't a problem, install this third party app to keep your permissions
secure! But sorry, it could break at any time because Google don't provide
support for it."

This is a desktop computer mentality. Sorry dude, I'm a programmer and a
sysadmin, but my phone is a #*$@ing APPLIANCE! I want it to make and receive
calls, and maybe play a few rounds of Angry Birds without wondering if Rovio
is tweeting my location behind my back.

~~~
StavrosK
So you become a systems integrator by downloading apps to your phone? Then I'm
afraid you already _are_ one, sadly.

Who do these phone companies think they are, expecting people to actually
program numbers in a device just to call someone? Not everyone is a
programmer!

~~~
sjwright
You're being intentionally dense or missing the point.

~~~
StavrosK
What is the point?

EDIT: You edited your comment above, but it still makes no sense to me. Your
phone can't know if you want an app to access your personal info or not, you
have to tell it. The only difference between what you want and what I propose
is that you have to spend an extra two seconds installing an app. This doesn't
sound so onerous, and doesn't mean you have to be an expert.

