We've made a big deal about Apple allowing app developers to download and store the address books of iPhone users. As have many others. And while it's easy to shrug and assume that it won't affect you in any tangible way, you shouldn't.
This is important. Here's why.
Admittedly, when it was first revealed that Path was taking our contacts, I was a bit ambivalent about the whole thing. I thought, sure, they shouldn't be doing that. But is a public-facing company with serious investor backing and big ambitions going to do something malicious with our address books? Doubt it. Path overreached. Path was dumb. But Path wasn't dangerous.
I wasn't thinking big enough.
How big a deal is the wholesale lifting of your address book without your consent? It's bigger than Apple secretly tracking your location. This is almost as intrusive as the activity logger stored on Android phones. Our contacts are among the most private and intimate things we keep on our phones. And Apple has essentially allowed any developer to just take them without so much as an alert.
It's not the developers I know about that concern me. It's the developers I don't know about.
As we've come to learn, Path isn't the only one doing this. And if such a heavily hyped company could get away with collecting some of our most private data without us knowing, who else could? There are tens of thousands of different app developers out there. It's virtually impossible to tell if they're uploading your information, because Apple lets them do it.
Hypothetically speaking, let's say a shady, low-profile developer manages to rack up 100,000 downloads. In the worst case scenario, it lifts each user's address book, filling its servers with countless names, email addresses, and phone numbers of witting friends and family.
What can a dev do with that info?
Well, they can always sell it. Telemarketers and mass mailers love phone numbers, emails and addresses. If the app remains in obscurity, who would ever notice them turning a quick profit on your private info?
Or maybe they have direct, malicious intents. I've heard plenty of stories about people losing their phones, and having their friends and family members receive calls from scammers claiming that the person in question was in the hospital/jail/etc. and needed money. We generally notate in our address books who our parents/grandparents/siblings/significant others are, making them potentially easy marks.
And to be honest, the big companies having this info concerns me as well. Could a court subpoena them for your contacts? Would they willingly hand it over? Maybe a journalist unwittingly (and foolishly) left the name and number of a source in their phone, and is now part of an investigation into a leak. Maybe someone is part of a vicious lawsuit in which every piece of available information is being picked through with a fine-toothed comb. Maybe an unlikely scenario for many, but still entirely possible.
Remember, too, that it's not just the developers who sneak behind your back to watch out for. But even in the best case, an app that gets 10,000 of its users to opt to search for other friends using the app gets access to the same information. And once it's on that company's servers, there's no way to control how they use it.
Generally, when privacy concerns arise, the fears and concerns err more on the side of the theoretical than the actual. X company could do this, or Y government could get away with that if we let Z activity go unchecked. They're legitimate gripes, but the end result would, at most, affect us indirectly.
But your contacts are a very tangible thing. Our phones are now the purest extension of ourselves in the digital world. If forced to pick between laptop or smartphone, I'd wager most people would pick the phone. It is not a device whose trust we should question. Private, intimate details of our lives are shared on these little things which fit in the palm of our hand, and if we have to constantly second guess whether or not their secrets are safe, we're eventually no longer going to want to use services like Path, and ultimately our phones. That would be a shame. Plus, those contacts being in the open could not only affect you in a very real way, but all those other people you know as well.
This isn't a tin foil hat fantasy. It's real life.