Why do people expect that Apple respond realtime to these kinds of things?
I think people believe that Apple should have considered the privacy implications of allowing Apps unfettered access to user contact data years ago, rather than only reacting when it becomes a PR issue that user-data is being misappropriated by shady App developers who appear to believe that making money is more important than the privacy of their users.
(My personal guess is that they did think about it, after all they introduced Location access permissions with iOS 2.0, but decided that an Android-style permissions matrix would put off end-users. In other words, I suspect that Apple made exactly the same decision that their App developers did: ease-of-use was more important than user privacy.)
"Better late than never" is saying that this protection should have been in the OS from the very beginning, years ago, rather than being tacked on now. It's not related to taking a week to respond to the latest fluff.
agreed..it's like people never dealt with anyone from a big corporation before...it always takes a while to get a response...and something like would require decision making from multiple executives...they probably just waited till the next meeting to bring it up
Apple ALWAYS takes a few days to officially respond to issues like this one. A week is about average. I guess they really have high-level people considering their moves from a PR perspective, or maybe they like to run stuff past their lawyers first or something.
17.1: Apps cannot transmit data about a user without obtaining the user’s prior permission and providing the user with access to information about how and where the data will be used
3.3.9 You and Your Applications may not collect user or device data without prior user consent, and then only to provide a service or function that is directly relevant to the use of the Application, or to serve advertising. You may not use analytics software in Your Application to collect and send device data to a third party.
So. These apps will be removed from the app store immediately, yes?
It is my understanding that a person's address book can be a trade secret, and is protected by law.
The whole Address Book framework on iOS seems to have gotten the shit end of the doody stick when they were handing out skilled programmer-hours at Apple.
For example it's inexplicably implemented as a bunch of low-level Core Foundation calls even though it's not remotely a performance bottleneck in any conceivable use case and 90% of the apps using it immediately wrap every query result in some kind of half-baked Objective-C container. And although 99.9% of the code using it wants to use it a simple contacts database, the APIs are designed to be as general as possible and thus are even more needlessly hard to use.
My guess is there has been a "Do something about Address Book on iOS" item on Apple's to-do list for the last couple of years and this permission business always got pigeonholed under that item, until this latest shitstorm demanded a short-term fix.
It's going to be interesting how they implement this for existing apps, since there is no "The user said 'No'" return value for any of the APIs. I guess they're just going to have to return an empty address book or a "record deleted" result code when the user declines access for an app.
It would be interesting to see what might happen in either of those use-cases for an app which syncs address books with a remote service, such as Google, Yahoo! or CRM tools. It's entirely conceivable that if a user hits no it could have rammifications to other systems which wouldn't expect either of these results.
A few years ago developers were bemoaning all the arduous controls as hurdles. Today people cry out for them. I, for one, am thankful that people are at least expecting a higher standard.
And a few years ago people were telling us that we needed Apple's strict guidelines to prevent rouge apps for doing this sort of evil behaviour. Apple's rules are ineffective.
No one was complaining about having to ask the user for permission to access an address book. People were complaining about silly, arbitrary rules, like banning dictionary apps for "not being family friendly" or walling off entire areas of computer science from third-party developers because of some obscure pissing match between Steve and Adobe.
It's disingenuous at best to compare user privacy protection with the massive list of rules enforced by Apple for reasons that never had anything to do with protecting users.
I'm an iOS developer and I can't believe it has taken Apple so long to implement a security popup when accessing the address book, or that adding address book support doesn't require the developer to declare in the info.plist that this app needs access to it.
Android's permissions model doesn't work at all. Every app asks for a ton of permissions at install time. You can't install the app without saying yes, and every app asks for far more than it needs.
In theory, it is good, but in practice, it's broken.
The iOS way installs the app, but denies access to the resource.
This is a clear marketing opportunity for the Android platform, of course since no one really governs its course, it's completely being missed. I suppose cheaper/more features/hotter phones is the way they want to go.
It’s granular from the developer point of view, but it’s not for the user: when you install an app you either grant it all the permissions it requires (before you have a chance to actually run the app and see what it does) or you don’t install it at all.
With the iOS model (asking permissions when the app uses them) I can install an app, deny it permission to use my location and it will still work for everything else.
Also, how would that solve the problem if the Android developers forgot to add the ”read contacts” permission in the SDK? They would still have to update the software to add it.
Well, better late than never. I still don't get why this wasn't in from the very beginning, considering the protection covering the location and camera roll.
The cynical side of me thinks it was to foster the development of free and low cost apps in lieu of encouraging development of a mobile web accessible to devices from many manufacturers...the business side of me does as well.
Welcome news, and hopefully the existing entitlements system will allow this change to be made quickly and clearly.
More granularity might be nice also. They could have a separate "names only" entitlement, or allow users to identify address book contacts / fields that should never be shared; that are redacted in content returned by the underlying APIs.
Important to note that this still does not address the wholesale detailed export and persistence of contact data by developers. Could be opp for a new provider there.
Granularity comes with a cost: complexity. Complexity which would be foisted on the end-users. It's a slippery slope - you can quickly end up with android-style permissions, where the user has to understand (and usually doesn't) dozens of options.
Considering all the apps that like to use the phone numbers and emails to help new users find their friends using the app it's a difficult decision.
I think a good compromise would be allowing an app access to phone numbers or emails without the rest of the information, eg whose number that is, their street address, etc. Then, giving your own number when you sign up could be an option. That way a new user's app could connect them to those friends of theirs who have opted to attach their name to their number.
Seems to me the flaw in the plan here is that we're talking about asking the user for permission, when we should be asking the contact. I don't want Path to have my contact details, but anyone who has me in their address book is able to provide them. Asking the user for address book permission doesn't fix that.
Really, because frankly, I don't want Congress mucking about in this matter. There's been tremendous consumer backlash over this issue. Application developers and Apple are forming a response that looks pretty positive. The Congressional involvement, from my perspective, is just a meaningless dog & pony show. It won't have any bearing on the outcome.
I really dislike the line of reasoning that the government should step in any time a company makes a mistake. If something egregious is happening, then let's get the government involved, but what we don't need, is Washington getting their panties in a wad and trying to craft some new legislation. We all know how that turns out.
I think in this case Congress involvement was a bit uncharacteristic and populistic. We see so many issue in this area, and they are stepping in for a relatively minor issue on a platform which is generally most resrictive and protective?
I would rather see them stepping in and kicking AT&T (and friends) for 20c cost per SMS, non-free incoming SMS and abolishment of bulk SMS plans. Just recently I wanted to sign up for 100 for $5 plan, it's not there anymore, the only bulk plan left if $20 unlimited. This is ridiculous oligopoly and consumer exploitation.
But how soon is actually soon? 5.0.2 soon? Or 5.1 soon?
I can only wonder how many app developers need to update their apps to remove unnecessary and shady looking address book access. Even worse, I wonder if any popular libraries are slurping address book data that developers don't even know about. Analytics and advertising companies in particular surely couldn't have resisted taking a peek could they? How can you even tell if someone zips up and encrypts your address book? Maybe if you have a jail broken phone modified to detect that, but that's pretty unlikely. Look how many people use Path and we're just now getting wind of it.
This kind of thing really requires good faith efforts from both Apple and the developers. A system-generated prompt for your address book is not particularly useful if it comes up on first launch of the app with no explanation why the app wants the data, like a lot of apps do with location services today.
What Android doesn't have is the ability for the user to deny permissions. It does inform the user when installing the software, but there's still no way I can control permissions of Application X and disable it's access to contacts, SMS, and so on.
iOS gives every app the same rights, Android presents a list of permissions without the ability to disable any of them. What's the difference? I suspect that the vast majority of users don't read that list anyway and just click through. Those that do read it and understand it have only two options - ok to everything, or don't use the app.
It is ironic that Apple is supposed to be protecting us by having very rigid policies for what and what does not enter the app store but they let an app access contact data without permission from the user!
[+] [-] st3fan|14 years ago|reply
"Better late than never..."
Why do people expect that Apple respond realtime to these kinds of things?
These are complex issues and tough decisions that need lots of thought and discussion within the iOS teams at Apple. These things take time.
Remember, iOS is deployed to how many devices now? 100 million? Do you think they can come to conclusions in between two tweets?
Honestly, having an answer ready in a week is not bad at all I think.
[+] [-] pja|14 years ago|reply
I think people believe that Apple should have considered the privacy implications of allowing Apps unfettered access to user contact data years ago, rather than only reacting when it becomes a PR issue that user-data is being misappropriated by shady App developers who appear to believe that making money is more important than the privacy of their users.
(My personal guess is that they did think about it, after all they introduced Location access permissions with iOS 2.0, but decided that an Android-style permissions matrix would put off end-users. In other words, I suspect that Apple made exactly the same decision that their App developers did: ease-of-use was more important than user privacy.)
[+] [-] moe|14 years ago|reply
I think most people don't expect apple to respond at all. At least that's their standard practice with bug reports sent directly to them.
[+] [-] mikeash|14 years ago|reply
[+] [-] brodd|14 years ago|reply
[+] [-] vaksel|14 years ago|reply
[+] [-] Devilboy|14 years ago|reply
[+] [-] buff-a|14 years ago|reply
3.3.9 You and Your Applications may not collect user or device data without prior user consent, and then only to provide a service or function that is directly relevant to the use of the Application, or to serve advertising. You may not use analytics software in Your Application to collect and send device data to a third party.
So. These apps will be removed from the app store immediately, yes?
It is my understanding that a person's address book can be a trade secret, and is protected by law.
[+] [-] frankus|14 years ago|reply
For example it's inexplicably implemented as a bunch of low-level Core Foundation calls even though it's not remotely a performance bottleneck in any conceivable use case and 90% of the apps using it immediately wrap every query result in some kind of half-baked Objective-C container. And although 99.9% of the code using it wants to use it a simple contacts database, the APIs are designed to be as general as possible and thus are even more needlessly hard to use.
My guess is there has been a "Do something about Address Book on iOS" item on Apple's to-do list for the last couple of years and this permission business always got pigeonholed under that item, until this latest shitstorm demanded a short-term fix.
It's going to be interesting how they implement this for existing apps, since there is no "The user said 'No'" return value for any of the APIs. I guess they're just going to have to return an empty address book or a "record deleted" result code when the user declines access for an app.
[+] [-] antonyh|14 years ago|reply
[+] [-] ary|14 years ago|reply
[+] [-] rmc|14 years ago|reply
[+] [-] CamperBob|14 years ago|reply
It's disingenuous at best to compare user privacy protection with the massive list of rules enforced by Apple for reasons that never had anything to do with protecting users.
[+] [-] jinushaun|14 years ago|reply
[+] [-] tferris|14 years ago|reply
(Don't want to start a flame war and I am not really an Android fan)
[+] [-] lawnchair_larry|14 years ago|reply
In theory, it is good, but in practice, it's broken.
The iOS way installs the app, but denies access to the resource.
[+] [-] functionform|14 years ago|reply
[+] [-] RKearney|14 years ago|reply
iOS seems to only care about your location when it comes to permissions which worries me a little.
[+] [-] falling|14 years ago|reply
It’s granular from the developer point of view, but it’s not for the user: when you install an app you either grant it all the permissions it requires (before you have a chance to actually run the app and see what it does) or you don’t install it at all.
With the iOS model (asking permissions when the app uses them) I can install an app, deny it permission to use my location and it will still work for everything else.
Also, how would that solve the problem if the Android developers forgot to add the ”read contacts” permission in the SDK? They would still have to update the software to add it.
[+] [-] dan1234|14 years ago|reply
[+] [-] brudgers|14 years ago|reply
[+] [-] feralchimp|14 years ago|reply
More granularity might be nice also. They could have a separate "names only" entitlement, or allow users to identify address book contacts / fields that should never be shared; that are redacted in content returned by the underlying APIs.
Important to note that this still does not address the wholesale detailed export and persistence of contact data by developers. Could be opp for a new provider there.
[+] [-] sshumaker|14 years ago|reply
I doubt Apple will go this route.
[+] [-] dredmorbius|14 years ago|reply
Address books are out of bounds. End discussion.
Permission fail.
[+] [-] artursapek|14 years ago|reply
I think a good compromise would be allowing an app access to phone numbers or emails without the rest of the information, eg whose number that is, their street address, etc. Then, giving your own number when you sign up could be an option. That way a new user's app could connect them to those friends of theirs who have opted to attach their name to their number.
[+] [-] reddit_clone|14 years ago|reply
With so many people syncing with their corporate groupware with their iPhones, how is this not a howling, category 10, shitstorm yet?
[+] [-] unknown|14 years ago|reply
[deleted]
[+] [-] cewawa|14 years ago|reply
[+] [-] harryh|14 years ago|reply
[+] [-] huhtenberg|14 years ago|reply
[+] [-] siculars|14 years ago|reply
[+] [-] bradleyland|14 years ago|reply
I really dislike the line of reasoning that the government should step in any time a company makes a mistake. If something egregious is happening, then let's get the government involved, but what we don't need, is Washington getting their panties in a wad and trying to craft some new legislation. We all know how that turns out.
[+] [-] vl|14 years ago|reply
I would rather see them stepping in and kicking AT&T (and friends) for 20c cost per SMS, non-free incoming SMS and abolishment of bulk SMS plans. Just recently I wanted to sign up for 100 for $5 plan, it's not there anymore, the only bulk plan left if $20 unlimited. This is ridiculous oligopoly and consumer exploitation.
[+] [-] SimHacker|14 years ago|reply
[+] [-] ansy|14 years ago|reply
But how soon is actually soon? 5.0.2 soon? Or 5.1 soon?
I can only wonder how many app developers need to update their apps to remove unnecessary and shady looking address book access. Even worse, I wonder if any popular libraries are slurping address book data that developers don't even know about. Analytics and advertising companies in particular surely couldn't have resisted taking a peek could they? How can you even tell if someone zips up and encrypts your address book? Maybe if you have a jail broken phone modified to detect that, but that's pretty unlikely. Look how many people use Path and we're just now getting wind of it.
[+] [-] xsmasher|14 years ago|reply
http://isource.com/2008/07/23/aurora-feint-removed-from-app-...
The game was removed, but the (obvious) policy change wasn't made.
[+] [-] smackfu|14 years ago|reply
[+] [-] nimblegorilla|14 years ago|reply
Almost all of the apps I use have no reason to need my addressbook data so it would be nice to know that none of those are secretly stealing it.
[+] [-] sutro|14 years ago|reply
[+] [-] zak_mc_kracken|14 years ago|reply
Android has had it since day one, isn't it common sense to assume that users might want to approve such access?
<shakes head>
[+] [-] antonyh|14 years ago|reply
iOS gives every app the same rights, Android presents a list of permissions without the ability to disable any of them. What's the difference? I suspect that the vast majority of users don't read that list anyway and just click through. Those that do read it and understand it have only two options - ok to everything, or don't use the app.
[+] [-] yabai|14 years ago|reply
[+] [-] polemic|14 years ago|reply
[+] [-] jackalope|14 years ago|reply
[+] [-] hockeybias|14 years ago|reply
[deleted]