Last week, a mini-shitstorm erupted after it was revealed that Path (a mobile social networking app) was uploading iPhone-users’ address books to their data center without permission.
As it turns out, they aren’t the only app that does this. The Verge dug deep into the data to determine which other apps are doing the same thing.
The proper technical solution is for iOS to limit access to the contacts database for all apps, so that an app must ask the user for explicit permission to access it. Apple already does this for location information. Yes, this solution is likely to break functionality for a wide swath of apps and it also brings up the earlier-mentioned problem of “alert fatigue,” but neither of those issues should be considered deal-breakers when weighed against the potential privacy issues of unfettered access to contact information. As things stand today, any one of the over half a million iOS apps currently in the market can access your address book without your knowledge or permission.
What’s more interesting than the discussion over what Path did is the revelation that any IOS app has complete access to a person’s address book. Glad to see some outlet write the story that needed to be written in the wake of the Path fiasco.
I wouldn’t be surprised if Apple fixes the address book access problem in the next iteration of IOS. FYI, if you’re hip to inside baseball, you can read this excellent post by Dan Lyons for the gist of the Path story and the tech journalism cesspool that resulted from it.