Ad Banner

iPhone, iPad Apps capture users’ data

One of the most common answers to the question whether if its much safer to use a Mac compared to PCs is that a Mac is much safer to use than a PC – less virus attacks or none at all. I will agree to this answer to a certain extent. But a recent report that iPhone or iPad apps actually “harvest” users’ data makes one think – is it really safe to use Apple devices.

My answer is Yes, simply because the vulnerability comes from apps or programs and not from Apple. It was discovered recently that social network service, Path and several other makers of iOS applications take users’ address books on remote servers without the users’ permission. This is not the first incident of this kind. It also happens in the PC world. What makes this a big issue is it is happening with the world’s biggest and most popular devices – iPhone and the iPad. What information are taken? Address books include full names, phone numbers, and e-mail addresses of unsuspecting users.

Now why would apps like Path take user’s data? Path CEO Dave Morin said they gather user information and then uploads the address book to its servers to help users find and connect to their friends and family quickly and notify users when friends and family join the service. OK let’s give it to Path that gathering user information will help connecting with other people faster – but do they have to do it without the users’ permission? I think we can call it “stealing”.

Morin was quick to apologized to his company’s actions and said they have already deleted the address book user data it had collected. So is that the end of the story? On the contrary, it’s just the start. After the Path discovery, iOS apps from Facebook, Foursquare, Yelp, Twitter and others were also found to gather information from iPhone users’ personal address books.

I sincerely hope that these companies will delete whatever data they have gathered, but everyone knows it’s so easy to create a backup copy or file of everything. Upload it on another server perhaps or on storage devices like USBs and DVDs.

More often than not, companies who are caught to do such an action will say that the reason why they’re gathering information is to improve the service that they’re providing to their users. Let’s give it to them, but is it not possible that those information can also be used for marketing purposes? What will prevent companies from sending spam emails – for promos, new products, announcements and more.

Because of the said incident, Apple announced that they will implement a much stricter guidelines to prevent the same incident from happening again. According to Apple, apps that collect or transmit a user’s contact data without their prior permission are in violation of Apple’s guidelines. Apple clearly stated that any app wishing to access contact data will require explicit user approval in a future software release. Nice decision and move from Apple.

With the ammendments introduced to Apple’s Contact Data Privacy, an estimated 1,000 apps will be affected with this new guidelines.

Many Android applications available in the Android Market also tap into users’ address book data. The only difference is that the policy for developers is that every app must prompt users to grant such permissions before they can install the app to their phones.

A better rule is if an app is caught harvesting user data without user permission should be barred from offering their services to iPhone or iPad devices. Better yet, put these companies in a black list so that they may not join the online market place again.

This incident will be a long discussion especially in the area of security and user privacy policy. But I am glad that Apple acted so quickly to improve their contact data privacy guidelines. By the way, the US government already sent a letter to Apple CEO Tim Cook to describe all iOS app guidelines that has something to do with privacy and security of data and the government would also want to know how Apple determines whether an app meets those criteria or not.

(Article written by Jerry Liao)

Post Comment