iOS 6 Will Now Prevent Apps From Stealing Your Contact Data

Back in February, Apple got in trouble for hugely lax privacy restrictions that let apps steal your personal data, like contacts. In iOS 6, it looks like Apple's slammed the door on that behaviour, requiring apps to get explicit user permission before accessing your personal information.

Here's the exact language from the security section of the iOS 6 release notes:

In iOS 6, the system now protects Calendars, Reminders, Contacts and Photos as part of Apple's data isolation privacy initiative.

Users will see access dialogs when an app tries to access any of those data types. The user can switch access on and off in Settings > Privacy.

There are APIs available to allow developers to set a "purpose" string that is displayed to users to help them understand why their data is being requested.

There are changes to the EventKit and Address Book frameworks to help developers with this feature.

What that means, basically, is that nothing you download will be able to, say, surreptitiously upload your whole photo album to its servers, or dig through every email address on your phone without asking you. You'll always be asked, just like Steve wanted. [9tomac]



    As long as the user's option choice is actually respected, unlike the iPhone location-tracking debacle, good.

      Google haven't changed their approach to tracking user data, so good on Apple for making the move and being upfront about it. Remember the google tracking debacle and the pilfering of open wifi data? It was far more sinister. Don't be evil, yeahhhhh, right. Unless we're stealing your stuff.

        Since Android 1.0 Google provided their users information on "apps access permission" to any data on your phone.
        I never install any app that require access to both Internet & read-contact-data together.

        Its hard to hide your information from Facebook when you & your friends voluntarily supply data.
        When you are using windows you are not secured from Microsoft.
        With iOS & MacOS you can't hide from Apple.
        When using Android, Chrome browser and other google services you are exposed to Google .
        Every large and small companies use our information for their own benefit.
        But the risk is more with smaller companies. Big companies try to use our data responsibly to avoid any big mess. The stake is higher for them.

        But it is idiotic for Apple to allow Apps to access user's data without the user's permission.

    So what if a developer creates a "benign" app that simply waits for you to change your privacy settings before pilfering your data? You should only be able to turn it on/off on a per app basis.

      They'll get an access dialogue as the article says they will.

    Wow, this is exactly what I wish was an option in Android. I find it infuriating that on Android, you must accept all the permissions an app requests in order to install it, and then you have no control over when those permissions are exercised. Certainly, it is a good start that the apps must request the permission (which it is insane iPhone apps didn't have to do), but I think it would be much better if a user could mark certain permissions as 'on demand', and then refuse them when prompted.

    There are a great many apps in which the permissions requested are unnecessary for the app to function, but can provide some additional functionality (e.g. Twitter accessing my contact lists). It makes good sense for me to be able to refuse this app access to my contacts while still using the other features, without the app provider having to create two distinct apps with distinct permissions.

    (Mind you, I use 'PDroid' to get around part of that, and a great many others use 'LBE Privacy Guard', but it would still be nicer in the OS).

Join the discussion!