News

iPhone apps are stealing your contacts without you knowing, claims designer

Apple facilitating contact detail theft

iPhone apps are stealing your contacts without you knowing, claims designer
The latest iOS hot potato – following on from Clonegate and claims developers are utilising bot farms – is the suggestion that iOS apps have the potential to access their users' entire contact lists and transferring them to remote servers without asking for permission.

The claim has been made by designer Dustin Curtis, who states such actions are "common practice" amongst developers, with many utilising the info to "vastly improve user experience".

Some, however, could have far less honourable intentions.

User rights

"I did a quick survey of 15 developers of popular iOS apps, and 13 of them told me they have a contacts database with millions of records," says Curtis on his blog.

"One company's database has Mark Zuckerberg's cell phone number, Larry Ellison's home phone number and Bill Gates' cell phone number. This data is not meant to be public, and people have an expectation of privacy with respect to their contacts."

Of course, as Curtis doesn't publicly point the finger at any developers it's hard to know if his claims are true. 

He goes on to question why Apple – which has criticised developers and analytics firms in the past for storing user data without permission – facilitates such a practice.

"Even Android requires that apps ask for explicit permission to access local contacts," adds Curtis.

"On iOS, every other seemingly private local data source, like location and the camera roll, have strong protections; apps can't even see photos in the camera roll unless the user explicitly selects them from the image picker.

"That Apple provides no protections on the address book is, at best, perplexing."

All on Apple

Dustin points to social networking app Path, which was recently forced to apologise to its userbase when it was revealed it had been uploading contact lists to its servers as a background task for the purposes of aiding user's to invite and add friends.

The real key to the issue – both in terms of the thinking behind it, and the likelihood such activities will be closed down – lies with Apple, however.

"In this case, I can't think of a rational reason for why Apple has not placed any protections on address book in iOS," concludes Curtis.

"It makes no sense. It is a breach of my privacy, and it has allowed every app I've installed to steal my address book."

[source: Dustin Curtis]

With a fine eye for detail, Keith Andrew is fuelled by strong coffee, Kylie Minogue and the shapely curve of a san serif font.