Trouble in Paradise. Apple’s Privacy Loophole.


Apple, I hope you're paying attention! 'Cause we're watching you!

With all the different websites, email platforms, social media sites, and mobile apps out there, we’re constantly agreeing to the terms and conditions of use as a condition for being able to use these platforms.

Few of us ever actually read the fine print; we typically scroll through to the end of this usually voluminous text, or simply check the “I Agree” box, so that we can get past the legalese and into the <insert name of digital thing you want to play with here>.

Most of us take it for granted that if we’re signing up for something – anything – online, there are sufficient safeguards in place to protect our personal information.

We usually aren’t worried that our private information is going to be shared, sniffed, phished, sold, traded or otherwise accessed in any nefarious way.

And if it IS going to be so utilized, we’ll be given clear and unambiguous notice of such (nefarious) intent, and the option and opportunity to opt out of such use/misuse of our information.

Right?

WRONG!

Last week, Gizmodo reported that Path, the smart journal app that lets you share your life’s experiences with your friends and personal network, was uploading its users’ contact information to its servers, without either the knowledge or consent of the app’s users.

After the issue was raised, and many bloggers expressed outrage and dismay at Path’s actions, the company quickly removed all the uploaded data and apologized.

However, another Gizmodo piece (published today) exposed a troubling issue that continues to exist with Apple’s apps: the fact that any app can access and utilize the contacts from any user’s address book unchecked by Apple.

Now you must know, Apple’s entire paradigm is built on protecting a user’s privacy.

Anyone who uses Apple devices can attest to the fact that everything is permission-based.

You can’t pass gas using an Apple device without a pop-up asking if you’re sure you want to do that.

Which makes the Path loophole even more disconcerting.

If you’re like me, you’ve got a number of different apps on your iOS devices.

You take it for granted that any app you’ve got on your device passed Apple’s rigorous muster, and isn’t going to do anything, or can’t do anything, to compromise the integrity of other data you’ve got residing on your device.

You certainly don’t expect that an app is going to be able to not only access your private data, but also share that data without your knowledge or consent.

Mind you, Path had taken advantage of Apple’s failure to protect the data in your contacts.

While Apple scrutinizes every app that ultimately makes it into the App Store, this loophole exists at the operating-system level, outside of that scrutiny.

As Gizmodo aptly summarizes:

“The problem is that the address book service doesn’t use the same mechanism. It’s free for the taking. This is where the privacy clusterfuck ensues. Some app developers—like Path did—are taking advantage of this weakness. The fact is that, at this point, any app can access your address book and steal all your contacts. Just like that. We don’t know which apps may be doing this right now. That is a scary thought and Apple should have thought about it.”

Who knows which of these apps are utilizing this back-door approach to access (and potentially suck up) my contacts (and who knows what else)?

Apple MUST do something about this – and soon!

As Jesus Diaz (the author of the Gizmodo piece) puts it, “Apple should have made the access to your contacts information as restricted as to the user’s geolocation data.”

I’m going to keep an eye out for the resolution of this issue, and keep you posted.

But whatever the case may be, be careful what you put on your iOS device: it may be gaffling your info!
