Your iPhone May Be Sharing Your Address Book Contacts Without You Knowing It

Ah, the iPhone, such a marvelous multi-faceted device. Really, is there anything it can't do? Take a photo, send a tweet, find directions, remind you about an appointment, translate your words into text, allow a variety of applications to grab private contact data from your address book without your permission ...

*insert sound of needle scratching across record*

Yes, apparently your handy-dandy iPhone currently allows any app to access the contacts in your address book—including names, phone numbers, and emails—because the ability to do so is built right into the core software.

"Think different," indeed.


Apple's address book is similar to the location service in that it's handled within the operating system. But location services always pop up a dialogue before they transfer your GPS information. Happily, the iPhone doesn't just broadcast where you are without your permission.

In comparison, the iPhone's (and iPad's) address book is wide open for the taking. Instead of giving you the option to allow or not allow an app to come in and grab your contact data, any app can currently access your address book data. Not only that, you have no way of knowing what they do with that information.

For instance, if you use the mobile Twitter app to "Find Friends," the app scans your contacts to see if they're on Twitter. Super, right? Except for the part where Twitter actually stores all that contact information for an 18-month retention period. Twitter says they'll be changing the language from "Scan your contacts" to "Upload your contacts," but it seems like the more accurate description would be "Send every name, email address, and phone number in your address book to Twitter so we can keep it for a year-and-a-half for reasons that are completely unclear."

Apple recently released a statement about the address book issue, saying that a fix is coming soon:

Apps that collect or transmit a user’s contact data without their prior permission are in violation of our guidelines. We’re working to make this even better for our customers, and as we have done with location services, any app wishing to access contact data will require explicit user approval in a future software release.

So basically, as soon as the software is updated, we'll probably be seeing something like this when an app is requesting permission to access the contact list:

Frankly, I'm not sure that's good enough. It seems to me that users need more than just one potentially confusing dialogue box between their privacy and a third party's ability to grab sensitive data. Apple has historically taken privacy very seriously—as Steve Jobs himself once said:

Privacy means people know what they are signing up for. In plain English. And repeatedly. That's what it means.

Exactly. It'll be interesting to see what Apple does to live up to that promise.

Did you know about the iPhone address book issue? Does it worry you?

Images via Apple

Read More >