Apple: Contact Collection by Apps Against Guideline, iOS Update to Address Issue
Apple responds to recent controversy of certain apps such as Path social network accessing address book contacts without requesting for user permission.
Apple spokesman spoke to All Things D:
“Apps that collect or transmit a user’s contact data without their prior permission are in violation of our guidelines*,” Apple spokesman Tom Neumayr told AllThingsD. “We’re working to make this even better for our customers, and as we have done with location services, any app wishing to access contact data will require explicit user approval in a future software release.”
Apple already requests explicit approval for an app’s access to location or camera roll. Apple is adding explicit user approval for future iOS update, probably iOS 5.1, expected iPad 3 release in March. Or a quick 5.0.2 update.
These are the Apple guidelines the developers violated:
17.1: Apps cannot transmit data about a user without obtaining the user’s prior permission and providing the user with access to information about how and where the data will be used
3.3.9 You and Your Applications may not collect user or device data without prior user consent, and then only to provide a service or function that is directly relevant to the use of the Application, or to serve advertising. You may not use analytics software in Your Application to collect and send device data to a third party.
Path and a number of apps already updated their apps to request user permission to access iOS address book. App developers typically use the contact data to determine whether your friends are on the same network, allowing for a more seamless experience. So far, there hasn’t been any known malicious cases where app developers abused the data.
- Android Apps Can Secretly Copy Photos Without Permission
- Free Apps Can Waste 75% Battery Life Tracking Users & Serving Ads
- June 25 Apple Diagram: No Contact with iPhone 4 Metal band
- Android apps including those in Google Play Store vulnerable to MitM remote code execution exploit
- Apple Q&A on iPhone Location Cache TrackerGate