Instapaper’s creator, Marco Arment, made a good point on his blog about permissions and your phone’s address book in the wake of the Path privacy controversy. It probably came as something of a surprise to many users that their iPhones habitually hand over their address books to a variety of social services we use daily, without so much as a prompt requesting permission to do so.
The popular Path app was caught uploading and permanently storing people’s entire address books on Path’s servers. People were upset, but what’s scarier is the bigger issue: apparently, this is a very common practice among popular apps.
Mobile applications are becoming more and more popular as more people start using smartphones instead of feature phones. These apps are increasingly social, which means that users are often prompted or otherwise given an opportunity to share their social graph with these apps and their underlying services. A user’s social graph may take the form of Facebook or Twitter connections (in which case users are probably familiar with the more secure OAuth-based authorisation flows that give 3rd party apps and services access to their profile information) or of the address book stored on the device itself.
Path partially addressed concerns about how it uploaded users’ address books through the social app in a blog post titled “We are sorry.” The post was a terrific reputation management exercise and defused much of the anger directed at Path. That said, the general practice of uploading address books remains in place for the most part (although you can imagine that reputation-conscious developers will probably alert users to this practice in their apps going forward). What hasn’t really been addressed are the permissions set at the device level that make this possible. As Arment points out –
When implementing these features, I felt like iOS had given me far too much access to Address Book without forcing a user prompt. It felt a bit dirty. Even though I was only accessing the data when a customer explicitly asked me to, I wanted to look at only what I needed to and get out of there as quickly as possible. I never even considered storing the data server-side or looking at more than I needed to.
This, apparently, is not a common implementation courtesy.
We can’t prevent services with poor judgment or low ethical standards from doing creepy things with the data once it’s sent to them. We can’t even realistically use App Review to only permit access to the Address Book fields (email, name, phone, etc.) that are justifiable for any given app to access, because there are too many gray areas.
One of the problems with allowing your address book to be uploaded is that you lose whatever control you may have had over that data once it leaves your device. In contrast, when users authorise Facebook or Twitter to grant a 3rd party service access to their contacts, they notionally retain the ability to revoke that permission and deny the 3rd party service further access to that data. With address book uploads, it’s pretty much as the saying goes: you can’t unscramble the egg.
As Arment proposes, one solution is for device manufacturers or smartphone OS developers to build device- or OS-level permissions into address book APIs, so that users are clearly prompted for permission whenever an app requests to upload or otherwise access their address books. Another is for users to be more circumspect about granting this sort of access to 3rd party apps and services. Users frequently hold a mix of sensitive and generally available personal information on their devices, and simply granting access to their address books can prove problematic not just for those users but for the people who entrusted their personal information to them, sometimes for specific purposes that exclude being shared with the popular social app of the day.
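To make the proposed OS-level gate concrete, here is an added illustration, not code from the original post and not Apple’s actual Address Book API: a hypothetical broker that sits between apps and the address book, prompts the user for each new scope, hands back only the fields that were granted, logs every access, and lets the user revoke a grant later (the revocable OAuth-style model contrasted above with a one-time upload). The `AddressBookBroker` class, its field names and the `prompt` callback are all assumptions made for this example; the user’s decision is simulated by a plain function standing in for the system dialog.

```python
"""Hypothetical OS-level, field-scoped, revocable address book permission gate.

This models the design argued for in the post: the OS, not the app, mediates
access to contacts, asks the user per scope, and can take the grant away again.
It is an illustration, not the iOS API.
"""
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, Iterable, List, Sequence, Tuple

# The only fields an app may ask for; anything else is rejected outright.
CONTACT_FIELDS: FrozenSet[str] = frozenset({"name", "email", "phone", "address", "birthday"})


@dataclass
class Contact:
    name: str
    email: str = ""
    phone: str = ""
    address: str = ""
    birthday: str = ""


class AccessDenied(Exception):
    """Raised when an app reads fields it has not been granted."""


class AddressBookBroker:
    def __init__(self, contacts: Iterable[Contact],
                 prompt: Callable[[str, Sequence[str]], bool]) -> None:
        self._contacts = list(contacts)
        self._prompt = prompt            # stands in for the system permission dialog
        self._grants: Dict[str, FrozenSet[str]] = {}
        # Audit trail of (app, action, fields) so the user can see who read what.
        self.audit: List[Tuple[str, str, FrozenSet[str]]] = []

    def grants(self, app: str) -> FrozenSet[str]:
        """Fields the app currently holds a grant for (empty if none)."""
        return self._grants.get(app, frozenset())

    def request(self, app: str, fields: Iterable[str]) -> bool:
        """Ask the user to grant `app` access to `fields`. Returns True if granted."""
        wanted = frozenset(fields)
        unknown = wanted - CONTACT_FIELDS
        if unknown:
            raise ValueError(f"unknown contact fields requested: {sorted(unknown)}")
        if wanted <= self.grants(app):
            return True                  # already covered, no need to prompt again
        if not self._prompt(app, sorted(wanted)):
            self.audit.append((app, "denied", wanted))
            return False
        self._grants[app] = self.grants(app) | wanted
        self.audit.append((app, "granted", wanted))
        return True

    def read(self, app: str, fields: Iterable[str]) -> List[Dict[str, str]]:
        """Return only the requested fields, and only if every one is granted."""
        wanted = frozenset(fields)
        if not wanted or not wanted <= self.grants(app):
            self.audit.append((app, "blocked", wanted))
            raise AccessDenied(f"{app} lacks a grant for {sorted(wanted - self.grants(app))}")
        self.audit.append((app, "read", wanted))
        # Least privilege: the app never sees fields outside its grant.
        return [{f: getattr(c, f) for f in sorted(wanted)} for c in self._contacts]

    def revoke(self, app: str) -> None:
        """User withdraws access; subsequent reads fail."""
        self._grants.pop(app, None)
        self.audit.append((app, "revoked", frozenset()))


def build_demo_broker() -> AddressBookBroker:
    """Constructed sample data plus a simulated user who only ever approves e-mail."""
    contacts = [
        Contact("Alice Example", email="alice@example.invalid", phone="+1-555-0100"),
        Contact("Bob Example", email="bob@example.invalid", phone="+1-555-0101"),
    ]
    user_decision = lambda app, fields: set(fields) <= {"email"}
    return AddressBookBroker(contacts, user_decision)


if __name__ == "__main__":
    broker = build_demo_broker()
    print("name+email granted?", broker.request("socialapp", ["name", "email"]))  # user declines
    print("email granted?", broker.request("socialapp", ["email"]))
    print(broker.read("socialapp", ["email"]))
    broker.revoke("socialapp")
    for entry in broker.audit:
        print(entry)
```

Two properties of the design matter here. Reads are scoped per field, so an app that only needs e-mail addresses to find friends never receives phone numbers or birthdays, which is the "look at only what I needed" discipline Arment describes. And because the grant lives on the device rather than being implied by a one-time upload, revoking it actually stops further access; what the broker cannot do is recall data an app has already copied off the device, which is exactly why the prompt has to come before the first read.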
Update: Ars Technica has a related post titled “Developers say Apple needs to overhaul iOS user information security” about this issue which is worth reading.