Feeds

Cupertino to ban permissionless address book copying

A lesson in faking sincerity

Maximizing your infrastructure through virtualization

Apple – arguably a villain in the “Path copies your address book” brouhaha – has, under pressure from US lawmakers, decided to require that apps prompt users before accessing their address book data.

According to Reuters, the decision came after members of the US House Energy and Commerce committee asked Apple to provide the committee with information about its privacy policies. The request came from Democrat representatives Henry Waxman of California, and GK Butterfield of North Carolina, who asked Apple to “clarify its developer guidelines”.

The spreading privacy scandal began when an app called Path was discovered uploading users’ address books without their knowledge (many outlets are now toning down this accusation to say “without their consent”. El Reg doesn’t understand this kindness: if you don’t tell someone it’s happening, they don’t have any chance to give or withhold consent).

Path wasn’t on its own for long: as soon as the world realized developers were given the chance to swell the value of their databases by treating their users as data entry clerks, it quickly emerged that Facebook, Twitter, Foursquare and others pulled the same trick, in some cases without permission.

A Cupertino cultist spokesperson said that the fix will “make this even better for our customers” (El Reg: We know. This phrase was so awful it should be recorded for all time).

“As we have done with location services, any app wishing to access contact data will require explicit user approval in a future software release,” the spokesperson told Reuters.

The Path scandal is having some interesting repercussions in other places. Defenses of Path mounted by investor Michael Arrington drew this blistering sledge from Dan Lyons, who outlines an incestuous investor-blogger culture in Silicon Valley.

Roger Clarke of the Australian Privacy Foundation told The Register that public outrage against developers – whether their actions are malicious or merely careless – is really the only effective defense the end user has against such encroachments.

A company like Path, Clarke explained, is beyond the jurisdiction of non-US privacy regulators (like Australia’s Tim Pilgrim), and while uploading the address book may violate the privacy of individuals in the address book, the user uploading it probably isn’t subject to the Privacy Act.

Name-and-shame is pretty much all there is. “Privacy law is a waste of space, since it doesn’t protect privacy; public outrage is our only protection”, Clarke said. ®

Seven Steps to Software Security

More from The Register

next story
Whoah! How many Google Play apps want to read your texts?
Google's app permissions far too lax – security firm survey
Chrome browser has been DRAINING PC batteries for YEARS
Google is only now fixing ancient, energy-sapping bug
Do YOU work at Microsoft? Um. Are you SURE about that?
Nokia and marketing types first to get the bullet, says report
Microsoft takes on Chromebook with low-cost Windows laptops
Redmond's chief salesman: We're taking 'hard' decisions
EU dons gloves, pokes Google's deals with Android mobe makers
El Reg cops a squint at investigatory letters
Big Blue Apple: IBM to sell iPads, iPhones to enterprises
iOS/2 gear loaded with apps for big biz ... uh oh BlackBerry
OpenWRT gets native IPv6 slurping in major refresh
Also faster init and a new packages system
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Mobile application security vulnerability report
The alarming realities regarding the sheer number of applications vulnerable to attack, and the most common and easily addressable vulnerability errors.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.