Apple to enforce opt-in for contact data uploads

We last week reported on the iOS Path app uploading address book data to its servers, but without first asking for permission. Developer Matt Gemmell commented on the incident, and argued that "when dealing with personal information, it's important that developers and management be educated on privacy issues and in techniques for addressing them".

Path itself also responded quickly, apologised and has since released an update that prompts the user for permission to upload data, but it soon became clear that Path was far from the only culprit. Marco Arment and Dustin Curtis reported as such and both additionally put the onus of blame on Apple rather than developers, arguing that the company should not enable address book data to be used without permission.

There were arguments that Apple's developer guidelines, as shown below, did in fact state this action was not allowed:

17.1: Apps cannot transmit data about a user without obtaining the user's prior permission and providing the user with access to information about how and where the data will be used

17.2: Apps that require users to share personal information, such as email address and date of birth, in order to function will be rejected

However, US congressmen started demanding answers from Apple, with an open letter stating: "You have built into your devices the ability to turn off in one place the transmission of location information entirely or on an app-by-app basis. Please explain why you have not done the same for address book information."

In a written statement to the media, Apple said it will soon release an update that will fix this issue: "Apps that collect or transmit a user's contact data without their prior permission are in violation of our guidelines. We're working to make this even better for our customers, and as we have done with location services, any app wishing to access contact data will require explicit user approval in a future software release."

Apple's response should satisfy most, but the incident has opened yet another can of worms regarding privacy. With apps seemingly routinely grabbing address book data, there are now questions regarding how often this is happening on other mobile systems and also desktop operating systems; the lack of security in data upload from some apps makes even Apple's opt-in requirement in part pointless, in an age where people just click or tap dialog boxes to get rid of them; and now, according to the EFF, Google's circumvented privacy protections built into Safari, once again showcasing that even if protections are in place, it's often possible to get around them.

Thank you for reading 5 articles this month* Join now for unlimited access

Enjoy your first month for just £1 / $1 / €1

*Read 5 free articles per month without a subscription

Join now for unlimited access

Try first month for just £1 / $1 / €1

The Creative Bloq team is made up of a group of design fans, and has changed and evolved since Creative Bloq began back in 2012. The current website team consists of eight full-time members of staff: Editor Georgia Coggan, Deputy Editor Rosie Hilder, Deals Editor Beren Neale, Senior News Editor Daniel Piper, Digital Arts and Design Editor Ian Dean, Tech Reviews Editor Erlingur Einarsson and Ecommerce Writer Beth Nicholls and Staff Writer Natalie Fear, as well as a roster of freelancers from around the world. The 3D World and ImagineFX magazine teams also pitch in, ensuring that content from 3D World and ImagineFX is represented on Creative Bloq.