iPhone apps stealing contact data, storing info on private servers

Chase Kell
·Editor

iPhone users rejoiced when the keystroke monitoring system known as Carrier IQ was confirmed in Android devices back in December. But before they could boast, Carrier IQ was discovered in both the iPhone and iPad, making the top two mobile OS developers guilty of tracking the activity of their users.

And that's not all that your sneaky iPhone is up to.

A report from Gizmodo reveals how an array of iPhone apps are stealing your contacts data and storing it in a private server. Some of the offending apps are making the appropriates fixes, and some aren't. But as Sam Biddle of Gizmodo explains, the underlying issue goes much further.

"Apple allows any app to access your address book at any time—it's built into the iPhone's core software," he explains in the article. "The idea is to make using these apps more seamless and magical, in that you won't have dialog boxes popping up in your face all the time, the way Apple zealously guards your location permissions at an OS level—because fewer clicks mean a more graceful experience, right? Maybe, but the consequence is privacy shivved and consent nullified."

The iPhone is making its own decisions on what's okay to share - and who to share it with - and it's doing it without your consent. It's an alarming revelation that not even Steve Jobs could condone. So the Gizmodo team ran a test using a proxy application called Charles, observing the data as it jumps from smartphone to remote server.

"As Paul Haddad, the developer behind the popular Twitter client TapBot pointed out to me, some of App Store's shiniest celebrities are among those that beam away your contact list in order to make hooking up with other friends who use the app smoother," explains Biddle. Here's what Haddad found:

Foursquare (sharing Email, Phone Numbers, no warning)
Path (Pretty much everything after warning)
Instagram (Email, Phone Numbers, First, Last warning)
Facebook (Email, Phone Numbers, First, Last warning)
Twitter for iOS (Email, Phone Numbers, warning)
Voxer (Email, First, Last, Phone numbers, warning)

Instagram and Foursquare have since updated their respective apps to provide a much more ostensible warning (which should be required of every iPhone app). But as Haddad reveals, many apps aren't nearly as generous.

"A lot of other popular social networking apps send some data," says Haddad in the article. "Mostly names, emails, phone numbers."

For example, the Instapaper app will transmit email listings from your address book whenever you ask to search contacts. There is no warning of data about to be shared, and "once the data is out of your device there's no way to tell what happens to it," says Haddad.

Fortunately, some companies have explicitly stated how they handle the shared data. Foursquare, for example, says it does not store such data and never has. Twitter revealed that they keep your address book data for as long as 18 months, an initiative said to "make it easy for you and your contacts to discover each other on Twitter after you've signed up." Tweeps can, however, delete said data at any time with this link.

But as Biddle explains, certain companies may be taking a page out of the Path book - "storing that information indefinitely until they're publicly shamed into doing otherwise. Or worse."

This news is sure to irk the millions of iPhone users, and for Biddle, a solution that goes beyond the goodwill of those guilty app developers is a must.

"All the ARE YOU SURE YOU WANT TO DO THIS? dialog boxes in the world won't absolve Apple's decision to hand out our address books on a pearly platter," shares Biddle. "iOS is the biggest threat to iOS—and nothing short of a major revision to the way Apple allows apps to run through your contacts should be acceptable."

(AFP Photo)

  • Up next
  • Up next
  • Up next
  • Up next

Latest Stories