We develop software for Windows and Macs. On the Mac the address book files are certainly available to read, and also available through an API. We don't read these files, we don't upload them, and we don't analyze them. We don't touch them at all. We also don't touch anything else on our customer's system that they wouldn't normally be expecting, and we don't send any information back to our server without the user explicitly saying it's OK when it happens.
Here's one reason why we don't scan people's system for interesting private files and secretly upload it for our economic benefit:
1. It violates the user's trust, expectations and privacy.
Here's a second reason:
2. It is a criminal act to do so.
I don't buy these discussions about how it is Apple's fault. It's not. It's illegal to steal private data like this. The companies doing this should be raided and shut down by the FBI immediately. All of them. Whether or not they issued a tearful apology.
These are all fine and valid points, but the fact remains that a free game app might be very tempted to complement its lousy revenue by stealing and reselling users' address books and anything else their app can get its hands on. I as an iPhone user want a protection against that.
It's important to keep in mind that where Path went wrong is they did not ask permission to upload the address book. Many, Many applications have a valid reason to move your contact list into the cloud - and as long as they ask my permission first, that's fine.
Agreed with your outrage on a company taking files off of my system (address book or otherwise) and uploading them. And, from reading the dcurt.is entry - it sounds like 85%+ of social apps do this as common practice.
I never thought about this before. But it seems like there are very different expectations for PC developers and smart phone developers. Companies developing software for a PC would never consider sending personal data to their servers.
Maybe its because mobile developers mostly come from web development where it is normal for the server to store such data. For a lot of web applications (web-mail, Facebook) it is part of the service.
> I don't buy these discussions about how it is Apple's fault. It's not.
Does Apple provide application level permissions system where users can see what permission application require, and where users can choose if they will grant application permission the right to read address book or choose not to install it?
If Apple doesn't do this, than it's Apples fault that it didn't sandbox applications enough in order to protect its users.
The biggest problem with all of this, and which I'm surprised no one else has mentioned, is that my Address Book isn't principally "personal data about me, which I wish to keep safe." It is "personal data about other, often more important people, who have entrusted me with the security of that data"!
If you pull my CEO's private contact info off my phone, or pull a high-level contact from some company we've been privately looking to acquire, you best pray that theft doesn't result in a leak of privileged business information.
Excellent point that most people have missed (I've actually brought it up in a few threads now). They are taking data that others have entrusted you with which is the worst part of this. If there servers were compromised not only would my data be stolen but the data of all my friends, family, and colleagues.
Who I keep in my phonebook is absolutely about me – it is also about other people and perhaps there's increased risk for them, but who I keep in my address book is still personal and private information.
My social/business network, particularly as contained in my address book is absolutely private data and it should be my choice whether or not it's shared.
> or pull a high-level contact from some company we've been privately looking to acquire, you best pray that theft doesn't result in a leak of privileged business information.
Right, because the presence of some contacts at company B immediately implies "oh, we're going to acquire them."
What people really aren't mentioning is that people give out the information likely stored in your address book to pretty much any service that even looks to be interesting based on a screencast, or even a splash page. Do you read the terms of service and privacy policies of all random websites you sign up for? Do the people whose contact information you are protecting do so?
It's interesting that one side effect of the Apple 'walled-garden' and the perceive strictness of the app approval process has led to the idea that:
> ...this issue is a failure of Apple and a breach of trust by Apple, not by app developers.
That's a cop-out, of course. There is no lesser responsibility on the part of an app developer to "do no evil" if you've simply bent your definition of evil to "whatever Apple DOESN'T let me do to their users".
Let's look at this statement:
> ...there's a quiet understanding among many iOS app developers that it is acceptable to...
That should be a big red flag to the writer. Quiet understandings have led to all sorts of problems - certain financial collapses come to mind.
Ultimately, this is something Apple needs to confront. Consistency is far more important that any specific moral position - for users and app developers. But that's not a get out of jail free card for the developer.
> That's a cop-out, of course. There is no lesser responsibility on the part of an app developer to "do no evil" if you've simply bent your definition of evil to "whatever Apple DOESN'T let me do to their users".
That's arguable. Privacy is all about "expectation of privacy," which means there's really no predictable, testable methodology other than implementing a feature and finding out if people are outraged. In fact, it's almost certainly different for apps with different target audiences. Path probably gets a lot of tech-savvy 20- and 30-something users who are outraged by address book sharing, but the average Facebook user probably wouldn't care even if they found out it was happening.
Obviously, this just means that developers should err on the side of openness (e.g. in your privacy policy) and explicitness (e.g. popup dialog asking for permission). But that's often only apparent in hindsight, since a developer may never think that something could even be interpreted as a privacy issue, since the developer knows he or she will never misuse the data or even use it all in any personally-identifiable way.
Presumably, for better or for worse, many developers either consciously or subconsciously trust Apple to have a pulse on the community of users when it comes to privacy. It would be nice to be able to do so, but apparently that can't be trusted. Of course, from the user's perspective, it means they can't trust any app to not be abusive (according to their own definition of "abuse").
"the Apple 'walled-garden' and the perceive strictness of the app approval process"
I wonder if Apple's tight control over app approval has made them actually legally responsible for this kind of thing. Not that it would absolve the app seller/author, but it seems Apple might share significantly in responsibility.
I find the whole thing really rather curious. I too am baffled as to why Apple has allowed this functionality from day one. I am also surprised that there has not been considerably more malicious usages of this data.
Apple clearly does not enforce the the guidelines 17.1 strictly - but some developers are rejected for this. I can imagine it being possible (and I have no idea) that Apple turns a blind eye to developers that break this rule on the assumption they are doing it as a reputable company and doing it for "clear" value to the end user. (e.g.: not just acquiring all your contacts despite being a fart app.)
> 17.1: Apps cannot transmit data about a user without obtaining the user's prior permission and providing the user with access to information about how and where the data will be used.
Apple traditionally will happily leave functionality users or developers deem critical out of iOS until it is done right - push notifications, geo-location, background applications. It seems to make so much sense that "contacts" are part of something that Apple would want to do right - after all - it can create significant value for the user. (as discussed here: http://parislemon.com/post/11647475506/your-true-social-netw...)
But that doesn't explain why allow it in the first place in its current state? Its a really odd thing to simply offer developers on a whim (all their SDK blurb says is "Your application can create new Address Book contacts and get existing contact info.") Why can I import all of a users' contacts but it is not possible to populate an iMessage with a recipient and content?
(I mean, Game Centre, the nearest thing to an Apple "social network" uses contacts to find your friends but in a truly terrible - albeit more ethical - manner. Which is both parts fascinating and infuriating as GameCentre is mostly crippled by being incapable of finding your friends.)
At a guess: internally Apple iOS development is under resourced and they have a todo list a mile long. This simply has not been a severe enough problem that it has warranted being fixed yet.
They didn't allow it from day one. GPS apps, for example, couldn't navigate to contact addresses. VOIP couldn't use your numbers.
It was relaxed later. I don't recall exactly when, but I'm thinking around 3.2 or so. Before whatever update, you had to have silos of contacts. After it, all apps could use your address book.
It is super curious why Apple decided to allow apps to access the Address Book freely. I'm releasing an app on the App Store next week and I definitely thought about all the evil things I could do to my users because Apple provides them no protection. And as a developer looking for success on the App Store, it is very tempting.
I once considered the possibility of uploading the entire address book to my servers, too. In fact, I even considered email/sms spamming everyone in those address books with "invitations" from the address book owner to download my app. Of course, I did not end up doing any of that nefarious stuff. Not even uploading the address book for innocent "Add Friends" features. But the fact remains that given the freedom to do so, almost every developer will be, at least, tempted to take advantage of it. Most will.
I honestly don't think Path did anything wrong and I'm sure they kept the information secure on their servers. It's Apple that somehow let this one slip through.
Perhaps, to Apple, it's really not your data. When you put data on an Apple device, they consider it to belong to Apple. So the appropriate permission was granted when they accepted Path into the App Store. Maybe this is the Apple way of thinking?
I think it's a bit conspiracy-theorist to say that companies do this because they want to use everything they can get. The relatively easy privacy maintaining alternative (hash address book contents and store the hash, and check against hashes when people join) is simply not as obvious as simply uploading what you get from the API.
Most app developers are just trying to get a job done as quickly as they can, and are in that hustle are choosing the path of least resistance, rather than thinking, "I really want to exploit this data as much as possible and invade as much privacy as possible."
Totally agree. I'm actually surprised at how many people assume this was done with malicious intent.
There are still plenty of sites storing plaintext passwords. I doubt there's a data mining conspiracy there (although I bet you could make some interesting guesses about people based on their password choice). It's just a poor design that accomplishes its task in the simplest way possible.
Would hashing contact information placate those who are outraged at this practice? It would still enable the app to associate you with other users of the app without your explicit information.
It seems to me that the biggest complaints are that Apple doesn't popup a permission dialog before allowing an app to access your address book, and that Path's privacy policy seemed to omit that they were using your address book.
Am I missing something? I'm not a iPhone/iOS user so please forgive me. Does iPhone/iOS not ask if you give permission for this App to view your Address Book?
If not, then I can see why this might be Apples fault for allowing developers to abuse this.
If yes, then how can this possibly be Apple's fault? It seems almost absurd to blame them. The buck stops with the end user for not protecting their Address Book. If you allow some weather app to download your Address Book, why should Apple care? You cannot trust every developer (turns out we are all data hungry), and they even asked to peak in there too.. You explicitly gave them permission!
(It's possible they're scraping Twitter handles/photos in some way that doesn't link the 'email addresses and phone numbers' to the requester's Twitter handle... but almost any straightforward way of implementing this has the de facto effect of informing Twitter of all your contacts' emails and phone numbers.)
Apple avoids the Vista like "ask for permission" on access design like android by requiring you to justify your needs to the app reviewer as an app developer. Not having an untrusted source of apps that can install on the device that is allowed on the iPhone means Apple can, in theory, improve user experience by not having as many of these dialogs bugging the user.
Apps, should just work.®
Constant permission prompts just train users in to muscle memory to accept these dialogs without thinking. Instead Apple sees it better make developers justify their needs to the APIs when they submit. Then Apple tests the app and looks for anything fishy. In the end, they reserve the right to pull them when they violate their terms.
One of the issues Android had up until recently was that you couldn't update all apps in one shot. The reason is that app update may have required permission changes from a pervious version. You would have to acknowledge each of these before installing the update. This was a crappy user experience and it's still the current experience when you install 3rd party APKs and update them.
The problems with these "list of permissions wanted" screens is they don't let the developers justify to the user why they need access to these different features inline with the request. The users see it at install or update often.
There are often very simple reasons why I need access to data on the device on Android in my app. I had people not install my app because I asked to send SMSs (which tells the user I can charge them money that way) in my music app, but it's only because I had a share button that is user invoked and clearly is sending a text message to user.
Sure, be clear with your intent with your users, but these permission models don't always scale for the everyday users.
Your complaints can be addressed by waiting to ask for permission the first time the app needs it, as opposed to a list of permissions to give at install time, and making the 'yes' answer sticky as opposed to prompting constantly.
Why can I not lock down my phone information and describe, at the device level, what I'm willing to share? The present alternative (on Android) is to allow/deny applications on a case-by-case basis. Fuck up once and I've let slip data I don't want to share. Some apps cannot be deleted (on an unrooted, phone -- only with difficulty on a rooted one).
Why can I not query each and every application vendor for all data held on me, and either modify or correct this as I see fit?
I've enjoyed playing with my Android phone for the past while, but I'm increasingly very unhappy carrying a persistent snitch in my pocket.
I'm waiting for the Perl Harbor / 9/11 day for this stuff. It's going to happen, it's a matter of when.
It's a lazy mistake. The tools are provided by way of a command or two on just about any platform available to any programmer. Hashing information and matching against said hash are problems that have been solved and simplified in as many languages as asking for the bathroom.
It's easier to send the raw data. It's foolish to send the raw data. It's a lazy mistake. We all know it happens. We all know WHY it happens. Stop fucking with our data. Pay attention because sometimes you should not be quite so lazy.
Path gets off easy because they're Path. I'm ok with that. But I would fire your ass if you did this under my watch because I know for a fact that this is a stupidly easy problem to resolve. Don't be so damned lazy when it matters.
It seems to me that all of these applications would be in trouble under Australia's fairly strict privacy laws. In particular, you are allowed only to collect details reasonably useful to your business and you must give a great deal of notice that this is happening[1].
Persons wishing to bring this issue to Apple's attention might wish to engage an Australian lawyer or bring the matter to the attention of the Attorney-General's department.
I don't have an iPhone, so I'd have no standing. Fellow Australians, call your lawyers and start raising a stink.
So, let's see if I can turn this into a positive ...
A while back I casually nuked my iPhone 3G back to factory to give to a friend. I did so without realizing there were some contacts on there that failed to backup to my Mac.
What are the odds some startup or other company out there has my contacts? Do any of them offer personal data dumps? Sadly, these contacts never made it to Google, where I can dump the data.
There are many legitimate uses and I know I've downloaded many apps that uploaded my phone book for backup purposes, syncing purposes so on. Anything can be abused if used wrongly however, that's my philosophy.
I suspect your address book is just names and phone numbers?
I use my address book for everything. I have my contacts' names, phone numbers, email addresses, addresses, IM usernames, birthdays, anniversaries, websites, workplace and other info stored in mine (not to mention some personal info jotted in the notes section).
Until today, I believed that information was secure. I had no idea an app could upload all of that information to their server WITHOUT MY KNOWLEDGE, much less consent.
Because of Google's approval process (or lack thereof), Android users have always been paranoid of the apps they install and what permissions they give them. As an iOS user, I never thought I had to worry about that because of Apple's approval process.
Does it make a little more sense why some of us are furious about this now?
Are you sure all the people in your address book are as careless about that data? The friend with the restraining out against their ex? The minor celebrity with the unlisted phone number?
Are you happy with the possibility that a connection between you and someone else might be implied without being true? What if a known drug dealer* had your phone number in their address book? (Perhaps via a room mate or child using the landline to have called them once? Or through reuse of an expired disposable cellphone number?)
* or child pornographer, or political dissident, or terrorist, or…
Unacceptable. What craven view of ethics puts any concept of "user experience" above treating others truthfully and respecting their privacy, property and personal domain?
This is not a "mistake". Why would anyone want to have anything to do with such people, much less be their customer?
[+] [-] droithomme|14 years ago|reply
Here's one reason why we don't scan people's system for interesting private files and secretly upload it for our economic benefit:
1. It violates the user's trust, expectations and privacy.
Here's a second reason:
2. It is a criminal act to do so.
I don't buy these discussions about how it is Apple's fault. It's not. It's illegal to steal private data like this. The companies doing this should be raided and shut down by the FBI immediately. All of them. Whether or not they issued a tearful apology.
[+] [-] sambeau|14 years ago|reply
http://en.wikipedia.org/wiki/Data_Protection_Act_1998
I naively thought that iOS Apps wouldn't do this, in part, because it was illegal.
[+] [-] abcd_f|14 years ago|reply
[+] [-] ghshephard|14 years ago|reply
Agreed with your outrage on a company taking files off of my system (address book or otherwise) and uploading them. And, from reading the dcurt.is entry - it sounds like 85%+ of social apps do this as common practice.
[+] [-] Proleps|14 years ago|reply
Maybe its because mobile developers mostly come from web development where it is normal for the server to store such data. For a lot of web applications (web-mail, Facebook) it is part of the service.
[+] [-] darklajid|14 years ago|reply
If you upload personal data (which, I agree, is wrong unless explicitly requested and authorized) you are having much more data to protect.
[+] [-] markokocic|14 years ago|reply
Does Apple provide application level permissions system where users can see what permission application require, and where users can choose if they will grant application permission the right to read address book or choose not to install it?
If Apple doesn't do this, than it's Apples fault that it didn't sandbox applications enough in order to protect its users.
[+] [-] ramblerman|14 years ago|reply
The world is certainly 'not' always ideal, and as a phone owner when I download apps, I would like to be able to defend my privacy at the OS level
[+] [-] a_a_r_o_n|14 years ago|reply
[+] [-] feralchimp|14 years ago|reply
If you pull my CEO's private contact info off my phone, or pull a high-level contact from some company we've been privately looking to acquire, you best pray that theft doesn't result in a leak of privileged business information.
[+] [-] k-mcgrady|14 years ago|reply
[+] [-] incongruity|14 years ago|reply
My social/business network, particularly as contained in my address book is absolutely private data and it should be my choice whether or not it's shared.
[+] [-] apgwoz|14 years ago|reply
Right, because the presence of some contacts at company B immediately implies "oh, we're going to acquire them."
What people really aren't mentioning is that people give out the information likely stored in your address book to pretty much any service that even looks to be interesting based on a screencast, or even a splash page. Do you read the terms of service and privacy policies of all random websites you sign up for? Do the people whose contact information you are protecting do so?
[+] [-] polemic|14 years ago|reply
> ...this issue is a failure of Apple and a breach of trust by Apple, not by app developers.
That's a cop-out, of course. There is no lesser responsibility on the part of an app developer to "do no evil" if you've simply bent your definition of evil to "whatever Apple DOESN'T let me do to their users".
Let's look at this statement:
> ...there's a quiet understanding among many iOS app developers that it is acceptable to...
That should be a big red flag to the writer. Quiet understandings have led to all sorts of problems - certain financial collapses come to mind.
Ultimately, this is something Apple needs to confront. Consistency is far more important that any specific moral position - for users and app developers. But that's not a get out of jail free card for the developer.
[+] [-] baddox|14 years ago|reply
That's arguable. Privacy is all about "expectation of privacy," which means there's really no predictable, testable methodology other than implementing a feature and finding out if people are outraged. In fact, it's almost certainly different for apps with different target audiences. Path probably gets a lot of tech-savvy 20- and 30-something users who are outraged by address book sharing, but the average Facebook user probably wouldn't care even if they found out it was happening.
Obviously, this just means that developers should err on the side of openness (e.g. in your privacy policy) and explicitness (e.g. popup dialog asking for permission). But that's often only apparent in hindsight, since a developer may never think that something could even be interpreted as a privacy issue, since the developer knows he or she will never misuse the data or even use it all in any personally-identifiable way.
Presumably, for better or for worse, many developers either consciously or subconsciously trust Apple to have a pulse on the community of users when it comes to privacy. It would be nice to be able to do so, but apparently that can't be trusted. Of course, from the user's perspective, it means they can't trust any app to not be abusive (according to their own definition of "abuse").
[+] [-] a_a_r_o_n|14 years ago|reply
I wonder if Apple's tight control over app approval has made them actually legally responsible for this kind of thing. Not that it would absolve the app seller/author, but it seems Apple might share significantly in responsibility.
[+] [-] pclark|14 years ago|reply
Apple clearly does not enforce the the guidelines 17.1 strictly - but some developers are rejected for this. I can imagine it being possible (and I have no idea) that Apple turns a blind eye to developers that break this rule on the assumption they are doing it as a reputable company and doing it for "clear" value to the end user. (e.g.: not just acquiring all your contacts despite being a fart app.)
> 17.1: Apps cannot transmit data about a user without obtaining the user's prior permission and providing the user with access to information about how and where the data will be used.
Apple traditionally will happily leave functionality users or developers deem critical out of iOS until it is done right - push notifications, geo-location, background applications. It seems to make so much sense that "contacts" are part of something that Apple would want to do right - after all - it can create significant value for the user. (as discussed here: http://parislemon.com/post/11647475506/your-true-social-netw...)
But that doesn't explain why allow it in the first place in its current state? Its a really odd thing to simply offer developers on a whim (all their SDK blurb says is "Your application can create new Address Book contacts and get existing contact info.") Why can I import all of a users' contacts but it is not possible to populate an iMessage with a recipient and content?
(I mean, Game Centre, the nearest thing to an Apple "social network" uses contacts to find your friends but in a truly terrible - albeit more ethical - manner. Which is both parts fascinating and infuriating as GameCentre is mostly crippled by being incapable of finding your friends.)
At a guess: internally Apple iOS development is under resourced and they have a todo list a mile long. This simply has not been a severe enough problem that it has warranted being fixed yet.
Whatever the reason, I hope it gets fixed.
[+] [-] Terretta|14 years ago|reply
It was relaxed later. I don't recall exactly when, but I'm thinking around 3.2 or so. Before whatever update, you had to have silos of contacts. After it, all apps could use your address book.
[+] [-] hboon|14 years ago|reply
You can pop up an SMS sheet like you do for sending emails now.
[+] [-] stevenou|14 years ago|reply
I once considered the possibility of uploading the entire address book to my servers, too. In fact, I even considered email/sms spamming everyone in those address books with "invitations" from the address book owner to download my app. Of course, I did not end up doing any of that nefarious stuff. Not even uploading the address book for innocent "Add Friends" features. But the fact remains that given the freedom to do so, almost every developer will be, at least, tempted to take advantage of it. Most will.
I honestly don't think Path did anything wrong and I'm sure they kept the information secure on their servers. It's Apple that somehow let this one slip through.
[+] [-] eridius|14 years ago|reply
[+] [-] rvkennedy|14 years ago|reply
[+] [-] phuff|14 years ago|reply
Most app developers are just trying to get a job done as quickly as they can, and are in that hustle are choosing the path of least resistance, rather than thinking, "I really want to exploit this data as much as possible and invade as much privacy as possible."
[+] [-] eli|14 years ago|reply
There are still plenty of sites storing plaintext passwords. I doubt there's a data mining conspiracy there (although I bet you could make some interesting guesses about people based on their password choice). It's just a poor design that accomplishes its task in the simplest way possible.
[+] [-] baddox|14 years ago|reply
It seems to me that the biggest complaints are that Apple doesn't popup a permission dialog before allowing an app to access your address book, and that Path's privacy policy seemed to omit that they were using your address book.
[+] [-] WestCoastJustin|14 years ago|reply
If not, then I can see why this might be Apples fault for allowing developers to abuse this.
If yes, then how can this possibly be Apple's fault? It seems almost absurd to blame them. The buck stops with the end user for not protecting their Address Book. If you allow some weather app to download your Address Book, why should Apple care? You cannot trust every developer (turns out we are all data hungry), and they even asked to peak in there too.. You explicitly gave them permission!
[+] [-] Macha|14 years ago|reply
[+] [-] gojomo|14 years ago|reply
http://cache.gizmodo.com/assets/images/4/2011/06/ios5twitter...
(It's possible they're scraping Twitter handles/photos in some way that doesn't link the 'email addresses and phone numbers' to the requester's Twitter handle... but almost any straightforward way of implementing this has the de facto effect of informing Twitter of all your contacts' emails and phone numbers.)
Everyone's at it.
[+] [-] zbowling|14 years ago|reply
Apps, should just work.®
Constant permission prompts just train users in to muscle memory to accept these dialogs without thinking. Instead Apple sees it better make developers justify their needs to the APIs when they submit. Then Apple tests the app and looks for anything fishy. In the end, they reserve the right to pull them when they violate their terms.
The article is wrong in that the camera roll is secure. It's technically not. Through the asset library API you can get at it. See docs here: https://developer.apple.com/library/ios/#documentation/Asset...
One of the issues Android had up until recently was that you couldn't update all apps in one shot. The reason is that app update may have required permission changes from a pervious version. You would have to acknowledge each of these before installing the update. This was a crappy user experience and it's still the current experience when you install 3rd party APKs and update them.
The problems with these "list of permissions wanted" screens is they don't let the developers justify to the user why they need access to these different features inline with the request. The users see it at install or update often.
There are often very simple reasons why I need access to data on the device on Android in my app. I had people not install my app because I asked to send SMSs (which tells the user I can charge them money that way) in my music app, but it's only because I had a share button that is user invoked and clearly is sending a text message to user.
Sure, be clear with your intent with your users, but these permission models don't always scale for the everyday users.
[+] [-] tedivm|14 years ago|reply
[+] [-] furyofantares|14 years ago|reply
[+] [-] dredmorbius|14 years ago|reply
Why can I not query each and every application vendor for all data held on me, and either modify or correct this as I see fit?
I've enjoyed playing with my Android phone for the past while, but I'm increasingly very unhappy carrying a persistent snitch in my pocket.
I'm waiting for the Perl Harbor / 9/11 day for this stuff. It's going to happen, it's a matter of when.
[+] [-] copenhagencoder|14 years ago|reply
So the companies that willfully ignore Apple's app rules and normal ethics are in no way to blame?
[+] [-] enobrev|14 years ago|reply
It's easier to send the raw data. It's foolish to send the raw data. It's a lazy mistake. We all know it happens. We all know WHY it happens. Stop fucking with our data. Pay attention because sometimes you should not be quite so lazy.
Path gets off easy because they're Path. I'm ok with that. But I would fire your ass if you did this under my watch because I know for a fact that this is a stupidly easy problem to resolve. Don't be so damned lazy when it matters.
[+] [-] jacques_chester|14 years ago|reply
Persons wishing to bring this issue to Apple's attention might wish to engage an Australian lawyer or bring the matter to the attention of the Attorney-General's department.
I don't have an iPhone, so I'd have no standing. Fellow Australians, call your lawyers and start raising a stink.
(IANAL, TINLA).
[1] http://www.privacy.gov.au/materials/types/infosheets/view/65...
[+] [-] unknown|14 years ago|reply
[deleted]
[+] [-] nantes|14 years ago|reply
A while back I casually nuked my iPhone 3G back to factory to give to a friend. I did so without realizing there were some contacts on there that failed to backup to my Mac.
What are the odds some startup or other company out there has my contacts? Do any of them offer personal data dumps? Sadly, these contacts never made it to Google, where I can dump the data.
Just curious.
[+] [-] twsted|14 years ago|reply
1. Permission to access a resource just locally for the benefit of the user;
2. Permission to transmit the data about a resource for social purposes.
[+] [-] creativityland|14 years ago|reply
[+] [-] geoffbp|14 years ago|reply
[+] [-] rkudeshi|14 years ago|reply
I use my address book for everything. I have my contacts' names, phone numbers, email addresses, addresses, IM usernames, birthdays, anniversaries, websites, workplace and other info stored in mine (not to mention some personal info jotted in the notes section).
Until today, I believed that information was secure. I had no idea an app could upload all of that information to their server WITHOUT MY KNOWLEDGE, much less consent.
Because of Google's approval process (or lack thereof), Android users have always been paranoid of the apps they install and what permissions they give them. As an iOS user, I never thought I had to worry about that because of Apple's approval process.
Does it make a little more sense why some of us are furious about this now?
[+] [-] bigiain|14 years ago|reply
Are you sure all the people in your address book are as careless about that data? The friend with the restraining out against their ex? The minor celebrity with the unlisted phone number?
Are you happy with the possibility that a connection between you and someone else might be implied without being true? What if a known drug dealer* had your phone number in their address book? (Perhaps via a room mate or child using the landline to have called them once? Or through reuse of an expired disposable cellphone number?)
* or child pornographer, or political dissident, or terrorist, or…
[+] [-] four|14 years ago|reply
This is not a "mistake". Why would anyone want to have anything to do with such people, much less be their customer?
This warrants punishment, not forgiveness.
[+] [-] becasse|14 years ago|reply