Wednesday, February 15, 2012

iPhone users: Who has your contacts' info?


The wholesale auction of our personal information on the Internet is nothing new. 

Ever used one of those charming little Facebook apps to chart birthdays, answer inane questions about your friends or seed digital corn rows? The first time you use it, you're greeted with a confirmation page that says the app developer gets to summarily de-pants your profile. 

Click 'Allow' and that information is just... out there. Who knows where it eventually ends up or how it's stored?

Last week, the developer of social networking app Path was caught with its hand in the contacts jar. Literally, they were taking the contact books of users and storing them, unencrypted, without user consent or even a pleasant little note: "Hey u, just takn all ur stuffz lol!!!1"

How many more app developers would engage in such an insidious practice? The answer might be surprising/stomach-churning...



The Next Web delved deep into the back-end dealings of many major smartphone apps, to find out just how rampant this problem is.

As far as they could tell, Facebook, Foursquare, Twitter and Instagram, four big apps that anyone who's anyone will have on their home screens, all send things like email addresses, first and last names, contacts' phone numbers and mailing addresses to their servers. 

Of those, Foursquare was the only one that doesn't inform the user that this is occurring, yet they later defended themselves to The Huffington Post, saying they don't actually store any of that info.

At the heart of this issue is Apple's iOS, which doesn't force devs to ask for this information first. The scandal has sparked congressional inquiry, according to The Next Web - Rep. Henry Waxman (D-Calif.) and Rep. G.K. Butterfield (D-N.C.) mailed Apple CEO Tim Cook about these gaping holes in users' privacy:
"This incident raises questions about whether Apple’s iOS app developer policies and practices may fall short when it comes to protecting the information of iPhone users and their contacts."
Apple has until February 29 to reply.


Gizmodo's Adrian Covert worries this oversight could spiral out of control if the more unscrupulous developers had access to their users' personal contact info:
"... maybe they have direct, malicious intents. I've heard plenty of stories about people losing their phones, and having their friends and family members receive calls from scammers claiming that the person in question was in the hospital/jail/etc. and needed money. We generally notate in our address books who our parents/grandparents/siblings/significant others are, making them potentially easy marks."
Since the Path fiasco, CEO Dave Morin apologized, removed all user information from the Path servers and the Android version has a new pop-up notification about the info-grabbing. And after The Next Web's expos√©, Instagram also added their own pop-up, without making a big hubbub. 


If you get into apps - and if that is actually a viable option on your phone, it's almost impossible not to - you owe it to yourself to check out The Next Web's in-depth investigation.


The future is here, folks... Scary, ain't it?


No comments:

Post a Comment