Apple's Failure Lets Developers Steal Your Address Book

Path faced a privacy flap when it was revealed that the company was uploading users' address book data to its servers without permission. While it stopped doing that and deleted all the data it had stored, a larger issue remains.

As Dustin Curtis notes, address book data mining is a common practice among some developers, and it's something Apple could control and could have even prevented in the first place. This post originally appeared on Curtis' weblog. We thought it was an important read, and he was kind enough to allow us to republish it below.

Stealing Your Address Book

It's not really a secret, per se, but there's a quiet understanding among many iOS app developers that it is acceptable to send a user's entire address book, without their permission, to remote servers and then store it for future reference. It's common practice, and many companies likely have your address book stored in their database. Obviously, there are lots of awesome things apps can do with this data to vastly improve user experience. But it is also a breach of trust and an invasion of privacy.

I did a quick survey of 15 developers of popular iOS apps, and 13 of them told me they have a contacts database with millons of records. One company's database has Mark Zuckerberg's mobile phone number, Larry Ellison's home phone number and Bill Gates' cell phone number. This data is not meant to be public, and people have an expectation of privacy with respect to their contacts.

There are two major questions to ask about this behaviour:

First, why does Apple allow iOS apps to access a user's entire address book, at any time, without permission? Even Android requires that apps ask for explicit permission to access local contacts. On iOS, every other seemingly private local data source, like location and the camera roll, have strong protections; apps can't even see photos in the Camera Roll unless the user explicitly selects them from the image picker. There is a huge section of the Settings app dedicated to giving people fine control over which apps have access to location information. That Apple provides no protections on the Address Book is, at best, perplexing.

Second, why do app developers, who know of the potential public backlash if this behaviour were publicized (that's why they keep it quiet), continue to upload user address books to their servers? I think this question is easier to answer. Any app is an investment, and, like any investment, there are three outcomes -- success, failure and mediocrity. The only one that matters on a market like the App Store is success, so fledgling app developers do everything they can to increase their chances. Because Apple provides extremely easy access to address book data, the pro -- that is, using the data to improve user experience, increase virality and growth, etc -- outweighs the con. To stay on equal footing, larger apps, like Yelp, Facebook and Foursquare, have to follow along. From a design perspective, it is a concession of user growth at the expense of user trust.

Yesterday, it was revealed that the private social network app Path practises this behaviour. People were outraged. Today, CEO Dave Morin apologised on the Path blog:

Through the feedback we've received from all of you, we now understand that the way we had designed our ‘Add Friends' feature was wrong. We are deeply sorry if you were uncomfortable with how our application used your phone contacts.

There was similar outrage last year, when Kik was outed. But, after a while, things calmed down. Kik never conceded. Developers continued to stay quiet. Users forgot about it entirely.

Apple's Failure

I fully believe this issue is a failure of Apple and a breach of trust by Apple, not by app developers. The expectation of Address Book privacy is obvious; in fact, one person on Hacker News, in response to learning about Path's use of the data, said, "Apple would never do this to their users." Because Apple has your trust and yet gives this private information freely to developers, Apple does do this to their users. All of them.

Usually, when I am curious about something Apple has done, I try to understand the design thinking that went into the decision. In this case, I can't think of a rational reason for why Apple has not placed any protections on Address Book in iOS. It makes no sense. It is a breach of my privacy, and it has allowed every app I've installed to steal my address book.

Dustin Curtis is a superhero. You should follow him on Twitter here and read his blog here.



    Um... that's a horrible invasion of privacy and a massive security hole.
    I wonder if this happens on Windows and Android phones as well?
    And why isn't this more widely known? It's pretty horrible.

      I read it again- Android requires explicit permission. That's a relief.
      I will have to wan my iphone owning friends and family about this though.

        Certainly it is better, however you never know what the app is doing with that data to be fully protected. You may have no issue with an app accessing the address book, a phone dialer on Android may need it for example to display contacts. You'd assume this is a pretty pedestrian requirement and likely grant access when for all you know that data is being used for more than the actual App advertises, but you gave it access since you ultimately didn't know any better.

        Androids solution is a bit better, but it's not necessarily going to save too many people in the long run as Apps can advertise one bit of functionality while not mentioning others...presumably just like what happened for this iPhone app.

    O/O I installed Path a few weeks ago, I was pretty sure I did have to accept the prompt to uplpad my address book , but I of course declined at the time

    Wow an article that shows android in a better light that iOS. That's a turnip!

    And Antonia kicks off the childish iOS vs android banter ....

    Shouldn't we call this 'pirating' people's address books? :P

    "I can’t think of a rational reason for why Apple has not placed any protections on Address Book in iOS. It makes no sense."

    There are Applications built around the address book being available, WhatsAPP and Viber being two I can think of. Perhaps a settings pane could be hidden somewhere to restrict access, similar to how location services can be disabled. If an App needs it then it will ask.

    Facebook has been pirating address books for years - I continue to get suggestions for friends that could only have come from my iPhone address book . When Facebook still had the option to view the address book they had uploaded from my phone with out my permission, I deleted the whole list, but Facebook has since re-uploaded it again without my permission!!! Facebook continue to ignore complaints of this behaviour. Gizmodo, you should be using you influence to publicise this behaviour that effects way more people than Path uploading our address book will ever effect!!!

Join the discussion!