iOS Apps and the Address Book: Who Has Your Data, and How They’re Getting It

Dieter Bohn, The Verge:

Stated simply: any iOS app has complete access to a large amount of data stored on your iPhone, including your address book and calendar. Any iOS app can, without asking for your permission, upload all of the information stored in your address book to its servers. From there, the app developer can either use it to help find your friends, store it in perpetuity, or do any number of other things with it.

Over the course of the past day, we have been using the method explained by Arun Thampi (who discovered Path’s privacy violation) to investigate several dozen popular iOS apps. Our findings should bring both comfort and concern to any iPhone user — and to be frank the work of doing a similar investigation on Android and other platforms remains to be done.

Makes me wonder whether any apps are playing similar shenanigans on the Mac, where most apps still have unfettered access to all your data. (I say “still” because this is one of the problems that app sandboxing is meant to mitigate, but few third-party Mac apps are sandboxed yet.)

Wednesday, 15 February 2012