back to article Cupertino to ban permissionless address book copying

Apple – arguably a villain in the “Path copies your address book” brouhaha – has, under pressure from US lawmakers, decided to require that apps prompt users before accessing their address book data. According to Reuters, the decision came after members of the US House Energy and Commerce committee asked Apple to provide the …

COMMENTS

This topic is closed for new posts.
  1. Henry Blackman

    I wonder...

    I wonder how many Windows Phone, Android, Blackberry etc apps have routinely done this for years too?

    Apple have done the right thing. They couldn't have acted much more quickly could they!

    1. Annihilator Silver badge
      Meh

      Re: I wonder...

      Don't know about the rest but Android apps state what permissions they need in the market place. Unfortunately it seems developers go the whole hog there too - most apps I saw when I was an Android user required access to far more than was necessary.

      Weirdly, I recall J2ME apps had permission levels such as these that had to all be approved by the user. Not sure how we took a step backwards there..

      1. Anonymous Coward
        Anonymous Coward

        J2ME apps and permissions

        The reason for this is easy to see: J2ME came from mobile phone industry side and systems such as Symbian, while iOS and Android were both born in the IT and desktop computing side of things.

        On the computing side applications have been free to query this sort of data freely, without requesting ANY permission, so this same behaviour got transferred over without anyone really blinking an eye over it.

        Now, in light of this, should desktop system also change?

      2. Tom Chiverton 1

        Re: Re: I wonder...

        if you were still a 'droid, you'd see that most popular apps now explain why they want each permission. Mostly it's because "this broad permission is the only way to get the one thing I need"

    2. Mage Silver badge
      Big Brother

      Re: I wonder...

      They could have put the procedure in place from the start, years ago. Only acting when you are caught isn't very praiseworthy. You don't honestly think Apple didn't know?

      1. Giles Jones Gold badge

        Re: Re: I wonder...

        Oh come on, how many desktop applications ask you to access all the various APIs?

        I can write an application on OSX that reads all the address book and sends it off to a server. You can almost certainly do the same thing on Windows and Linux.

        The difference is people are more willing and naive when it comes to installing software on their phone.

        1. gerryg
          Terminator

          Re: Re: Re: I wonder...

          I can write an application on OSX that reads all the address book and sends it off to a server. You can almost certainly do the same thing on Windows and Linux.

          Yes, you certainly can for a *nix system, except for the, er, file permissions thing...

          http://www.tuxfiles.org/linuxhelp/filepermissions.html

          not sure if you are being rhetorical, obfuscatory or...

          1. Dan 55 Silver badge
            Coffee/keyboard

            @gerryg

            Does the user often set permissions on their own address book files so they can't read it themselves?

    3. TeeCee Gold badge
      Facepalm

      Re: I wonder...

      I suppose you're the sort of bloke who tips the stableboy for shutting the door after the horse has bolted?

      Of course Apple could have acted more quickly. They could have built in some basic bloody security around personal data at the start, rather than waiting for the inevitable moment when some scumbag syphoned it all off at their leisure.

      1. Anonymous Coward
        Anonymous Coward

        Re: Re: I wonder...

        Or Path could have adhered to apples terms.

        17.1 and 17.2 I believe, but oh no, apple is the villain again

        1. Anonymous Coward
          Anonymous Coward

          Re: Re: Re: I wonder...

          given the rigorous control apple exert over apps approved for use on their hardware, they are hardly blameless here, ya think?

        2. Chet Mannly

          Re: Re: Re: I wonder...

          "Or Path could have adhered to apples terms.

          17.1 and 17.2 I believe, but oh no, apple is the villain again"

          Apple supposedly vet every app before its allowed in the app store remember?

          So yeah, if they spent more time looking at security of apps, rather than censoring anything that might compete with their own apps this wouldn't have happened.

          That is, assuming they didn't allow this until it became public...

      2. SYNTAX__ERROR
        Boffin

        Re: Re: I wonder...

        Yes, it's possible on Windows too, but Oulook will prompt the user for permission and also asks how long permission should be granted for.

        1. chr0m4t1c

          @SYNTAX_ERROR

          A) Outlook isn't the only address book on Windows.

          B) It only does that for "unauthorised" programs, it's never asked me for permission when any of the Nokia sync programs access the address book for example.

          There's a difficult balance to be struck here, Outlook doesn't provide any simple way for me to make sure "authorised" programs are blocked or to permanently allow "unauthorised" programs.

          It's a headache for developers of all software (including those developing the OS) and it's a problem that most users don't care about until something like this happens and then they want someone to hang for it - but they'll completely forget about it in about a week and then complain bitterly that the enhanced security brought out as a result gets in the way.

    4. Anonymous Coward
      Anonymous Coward

      Re: I wonder...

      Way to miss the point Henry. I guess if Doenitz had had time to repeal the Nuremberg Laws before he got arrested, you'd be full of praise for him too.

    5. Chet Mannly

      Re: I wonder...

      Apple screen every app - they should have already known before the app hit the app store.

      They reacted quickly to bad publicity, that's all. They happily allowed developers to swipe as much data as they pleased until they got found out!

  2. This post has been deleted by its author

  3. Anonymous Coward
    Anonymous Coward

    I wonder how existing apps will react to a user saying no, will they throw an exception or will the system return a fake empty contacts list..

    By the way the "make this even better" bit tickled the author because it was quoted out of context. The full statement is:

    "Apps that collect or transmit a user’s contact data without their prior permission are in violation of our guidelines,” Apple spokesman Tom Neumayr told AllThingsD. “We’re working to make this even better for our customers, and as we have done with location services, any app wishing to access contact data will require explicit user approval in a future software release."

    Now the "even better" bit is obviously referring to the fact that there were guidelines in place already, which the developers didn't follow. This policy now adds an actual enforcement step.

    1. Anonymous Coward
      Anonymous Coward

      I assume iOS will return an empty address book if access is denied. No reason to break apps unnecessarily.

      1. Destroy All Monsters Silver badge
        Mushroom

        There are far better options.

        http://docs.oracle.com/javase/1.4.2/docs/api/java/security/AccessControlException.html

        1. Doogie1

          Re: There are far better options.

          That's not any better if the application doesn't handle the exception, it will just crash. Far better to return an empty contact list.

    2. Steve Knox
      Trollface

      It cannot be!

      "Apps that collect or transmit a user’s contact data without their prior permission are in violation of our guidelines”

      But Apple inspects EVERY APP that is submitted to their App Store. How could one that violates their guidelines possibly have gotten through?

      Could it be that Apple's "walled garden" is more of a house of cards?

      1. Anonymous Coward
        Anonymous Coward

        Re: It cannot be!

        Hahah now people complain Apple isn't ENOUGH of a walled garden. Better get some blast-proof concrete on those walls.

        Apple doesn't get the source code for the app, nor do they check the behaviour of every function call the app makes. Apps are approved as long as they conform to the official APIs and - from the user's perspective - follow the rules.

        The contacts list stuff were all part of the official API every since iOS 2(actually called iPhone OS, back when app developers had morals)

        That's why app reviews take less than a week and not months.

        1. Doogie1

          Re: Re: It cannot be!

          "Apple doesn't get the source code for the app, nor do they check the behaviour of every function call the app makes. Apps are approved as long as they conform to the official APIs and - from the user's perspective - follow the rules."

          Maybe not but it would be trivial to have a tool that flagged access to certain APIs (contacts and location for a start) and if the use is not appropriate request clarification from the developer. I assumed this is what Apple did. If not what are they doing for their money?

        2. SYNTAX__ERROR
          Alert

          Re: Re: It cannot be! @ AC 00:44

          Apple most certainly do see the source code for every app submitted.

          1. Anonymous Coward
            Anonymous Coward

            Re: Re: Re: It cannot be! @ AC 00:44

            > Apple most certainly do see the source code for every app submitted.

            No, they don't.

            1. This post has been deleted by its author

    3. Geoff Campbell
      Pirate

      Apple have guidelines stating that apps shouldn't behave this way. Apple vet every app that makes it into the App Store. These apps do not conform to the Apple guidelines.

      Am I the only one seeing a problem here?

      GJC

  4. Jean-Luc
    Boffin

    Why not take a page out of Android?

    Isn't there an Android mechanism for allowing apps access to system resources on an apps by apps basis?

    Let me decide if a given app needs access to something (Address Book, SMS, etc...). And put requirements in the Apps Store so that I don't buy an app that I end up not being comfortable with.

    And for the 99.5% who don't care, provide a user-configurable system default access that says "any app can/can not access features X, Y and Z". Now, I realize that it may take a while, but surely could be in iOS6.

    Problem solved.

    But don't tell me it can't be enforced by the OS and platform and that I should rely on trusting the devs because I don't buy that.

    1. Anonymous Coward
      Anonymous Coward

      Re: Why not take a page out of Android?

      > Isn't there an Android mechanism for allowing apps access to system resources on an apps by apps basis?

      Not really, at least not in the original firmware.

      You can only decide to install the app or not based not he permissions the app says it needs. If you don't like the permissions you can't install the app. It doesn't let you selectively enable or disable permissions.

    2. Doogie1
      FAIL

      Re: Why not take a page out of Android?

      That's also assuming the application doesn't just use one the known Android exploits to bypass the permissions system completely.

  5. Anonymous Coward
    FAIL

    If only Apple had Android-like permissions...

    They wouldn't be in this PR disaster....

    1. Anonymous Coward
      Anonymous Coward

      Re: If only Apple had Android-like permissions...

      What's so great about permissions if the only thing you can do about them is not install the app?

      The reality is that ALL users of Path, Facebook, Twitter, Foursquare, etc on Android would have had to accept this wether they liked it or not.

      1. Anonymous Coward
        Anonymous Coward

        Re: Re: If only Apple had Android-like permissions...

        Then use Cyanogen, you can block permissions to specific apps on an app-by-app basis then..

      2. TeeCee Gold badge
        WTF?

        Re: Re: If only Apple had Android-like permissions...

        "What's so great about permissions if the only thing you can do about them is not install the app?"

        If an app requires permission to access your address book, when you know damned well it doesn't need to for any purpose associated with its core functionality, then the best course of action is not to install it!

        1. Shakje

          @TeeCee

          But what if it's a borderline case where accessing the address book isn't core functionality but can offer added functionality to users?

          E.g. Facebook. How many people are quite happy to trust FB (rightly or wrongly) to not do anything nefarious with their data, particularly their address book? And for all intents and purposes, it just saves you the time of adding your contacts manually, so why not allow the extra functionality for those who want it? But what if people don't want it to access their address book, but do want to update things easily on an app designed for their mobile? Do you honestly think it's good to get people into the mindset of "well it said that I could choose for it not to access my address book, so I'll just give it permission to so that I can install it"? It's far better to allow people to install apps and then prevent the usage of certain functionality if the user doesn't want it (on an OS level) rather than make the user decide between some functionality that they want, but something that they don't.

      3. Chet Mannly

        Re: Re: If only Apple had Android-like permissions...

        "What's so great about permissions if the only thing you can do about them is not install the app?"

        Simply choose an app that does what you want that doesn't require that permission - there's well over 2 dozen facebook apps for example with varying permission levels. After all, it doesn't to read the phone contact list to access your FB contacts.

        That's the beauty of a free market - whether it be android, symbian or whatever - better to have choice, and to be informed than to find out after your data is already gone!

      4. Jean-Luc

        Re: Re: If only Apple had Android-like permissions...

        But, if the system actually enforced ACL based on resource usage, with a rejection & store blacklisting if the intent to use was not disclosed in meta-data, then it would be up to the user to decide whether or not to install an app. Even better would be need to have/nice to have app requirements.

        Which is way better than installing apps that run wild on what is really very private hardware.

        FB, for all its usual complaints about them, may actually have valid reasons to scan your address book data. Or at least you might decide it would.

        But a Tetris clone requiring premium-number SMS capability would be a fishy creature indeed.

    2. Anonymous Coward
      Anonymous Coward

      Re: If only Apple had Android-like permissions...

      Not really. Looking at the list of Android permissions, the only things that iOS apps are allowed to do anyway is get your location and read your contact list, and getting your location gives you a dialog box prompt.

      Frankly I prefer it this way. My Android-using friends tell me that most apps require permissions that they have no business requiring. I would rather use a system where apps are much more locked-down.

    3. Anonymous Coward
      Anonymous Coward

      Re: If only Apple had Android-like permissions...

      What about the pre installed applications? A lot of Android phones come with Twitter and Facebook pre installed

  6. Anonymous Coward
    Anonymous Coward

    Oh it's you

    Must be Microsoft shills fault somehow

    This is an entirely non issue. . To use an Android argument - 'Buyer be ware - don't the user know what they're phone is doing' Blah.

    Live with your stalker and all is good in your key logging malware land.

    Despite todays fix, Google Wallet is still storing and sending user info in plain text - live in your dream world

    1. Anonymous Coward
      Anonymous Coward

      Re: Oh it's you

      I meant Shitpeas - the loon

      1. Tom Maddox Silver badge
        Paris Hilton

        Re: Oh it's you

        Here's a question for the ages: is there such a thing as an anonymous sock puppet?

    2. Anonymous Coward
      Anonymous Coward

      Re: Oh it's you

      Hope you can use a computer better than you can write "English". You must have a lot of buggy, crashing programmes and scripts, unless all you do is point and click.

  7. Anonymous Coward
    Anonymous Coward

    On Android - Only if you root

    ..and after that, only if you have a custom ROM that can block such permissions and even ads (in all fairness if you have rooted your android it's only an app away, available on the market).

    Otherwise you either grant the permission, or you won't install the software, so it's not good.

    Android must incorporate some sort of default "permission" setting, per app or system-wide.

    I do not use the Facebook app, or the official Twitter (Plume is much prettier anyway), or the 4square thing, or the Whatsapp thing, just for this reason. I've already shared my address book with Google, and that's enough exposure already.

    1. Anonymous Coward
      Anonymous Coward

      Re: On Android - Only if you root

      What app is that? Only found WhisperCore, but it's "Temporarily Unavailable".

      1. Anonymous Coward
        Anonymous Coward

        Re: Re: On Android - Only if you root

        Try LBE Privacy Guard

    2. Chet Mannly

      Re: On Android - Only if you root

      "Otherwise you either grant the permission, or you won't install the software, so it's not good."

      Just choose another app that doesn't need those permissions.

      Simple, and everyone is informed...

  8. Anonymous Coward
    Anonymous Coward

    It's about time

    I have discussed (argued about) mobile OS security with friends for years. I love the iOS model of sandboxing but the ability of apps to read your contact list has always seemed like a very bizarre exception to their security model. I don't want ANY apps reading my contact list under any circumstances.

    A year or two ago there was an app that allowed you to see a video feed from a friend's iPhone camera. Cool app but it also spammed your whole contact list with an email telling them to download the app. Absolutely unacceptable. Many people were very upset about this but unfortunately it didn't trigger a re-think on Apple's side at the time.

  9. Anonymous Coward
    Anonymous Coward

    Sorry for the stupid question but I'm on Android (SGS 2), how can I stop apps I already have from accessing my address book?

    1. Anonymous Coward
      Anonymous Coward

      The simple answer is to uninstall them.

      The more complicated answer is to completely replace your whole phone software

    2. MJG
      FAIL

      Try LBE Privacy Guard for apps that do. I've been using it for a while (mainly to stop Facebook cracking on my CM9 HP Touchpad, that requires GPS (TP doesn't have TP)). Allows a lot of fine grained control over it. Works very well!

      Some apps DO require contact list access to work properly (backup apps being the main one that springs to mind), but most don't but a lot do request it. Amazing that Apple allowed apps access to this in the first place without specific reasons from the developer. Amazing that people feel safe in their walled garden. I know my contact list is shared with Google (am aware, but don't really like), I can stop other apps accessing it, but it seems in the 'Walled Garden' no one knows who's had access... Could any game have been installed that requires your contact list without notifying you... Amazing....

      1. LoJamz
        Stop

        I've never trusted LBE Privacy Guard

        I just can't bring myself to install a PRIVACY app originating from China...

        1. Doogie1
          Alert

          Re: I've never trusted LBE Privacy Guard

          What could possibly go wrong? It's not like you need to grant it root access or anything....

  10. Mephistro
    Mushroom

    So, where are the judges? Where are the cops? Where is the friggin FBI?

    In most of the World taking personal data from a computing device and using/sending it without the owner's permission/knowledge is a serious offence or a crime . We have been watching this kind of crap happening very often lately, be it by Apple, Google, MS, and lots of other companies, with said companies getting a slap in the wrist at most . This situation, IMHO, proves two things:

    - Law enforcement and the court system have a soft spot for big companies, the bigger the company, the softer the spot. Acts that would have landed an individual in jail for several years are paid for by infringing companies with a fine that is usually peanuts compared with the earnings they made committing the offence, and nobody ever goes to prison. There are examples of this not only in IT, but also on Big Pharma, Banking, Big Media...

    - Law enforcement and the justice system's role nowadays is to protect a privileged few from the unprivileged majority of citizens. Every major player in the game -politicians, media, industry... - looks the other way, regardless of the harm done to Society as a whole.

    This can't go on forever, and has to en somehow. Hence the icon :-(

    1. Anonymous Coward
      Anonymous Coward

      Re: So, where are the judges? Where are the cops? Where is the friggin FBI?

      The problem isn't the big companies, those usually warn or ask you for permission before doing this.

      Eg the Facebook app shows a big notice about this if you ask it to sync your phone book. Twitter only sent your contacts when you choose to find friends.

      The problem was with apps from smaller companies/startups who didn't.

      However I believe none of the apps mentioned had any actual bad intentions with the data, it just made it easy to add contacts - every social network recommends people you may know.

      The whole issue was overblown because one of the companies, Path, is funded by the startup fund Crunchfund and a small group of journo hacks had a grudge with them. In response, another group of hacks with interests in Crunchfund went into "save face" mode by accusing everyone else.

      So there isn't much more to this story than two groups of journalists with deeply vested interests battling it out.

      That's what's actually very wrong in all this, journalists with vested interests. But who can stop them?

  11. Anonymous Coward
    Anonymous Coward

    "an incestuous investor-blogger culture in Silicon Valley."

    No! Who would have suspected that?

    Whatever next, rumours of insider trading in the City?

  12. dssf

    Vault, vault, vault

    At least 3 or 4 tmes here in theregiser i bitched and moaned about our address books being plundered. Right from he start google could have and SHOULD HAVE bult vaults around every address book entry and firewalled off our contacts. But, no, they DID do harm by unlaterally allowing it, or by cowering to indusry and law enforcement. (Maybe all that bitching is why my phone keyboard lags and why i suspect i am being keysroked by multiple parties.....)

  13. Keep Refrigerated
    Holmes

    Now do something for Android

    Yes the permission system is transparent for the most part, but when I was using LBE Privacy Guard I uninstalled Facebook app for this very reason. An update came one day and since then the FB app was requesting access to my address book on an hourly basis at all times when I wasn't running it.

    I guess most users, like I did, assume that when an app requests permission to access contacts, they think its so you can merge with your offline address book. I don't recall anything about raiding the address book for those offline contacts to upload to their servers.

    The permission system needs fixing, and like another commentard already floated the idea; the address book should be sealed off, it should only allow injection of contacts and ask for specific uploads.

    1. Ian Yates

      Re: Now do something for Android

      Hmm... but what about GoSMS that has to read the phone number and name of every contact in order to show those details against the SMSs and allow you to pick recipients? Or K9Mail that needs the email and name of every contact so that it can autocomplete email addresses as you type?

      A better idea is for LBE to be baked in to Android and drop the "all-or-nothing" approach when installing from the market, and permission escalation requests should have a short description on what they're doing with the data.

      Every app will need to be designed so that if they want something denied to them, they gracefully fail.

      1. Anonymous Coward
        Anonymous Coward

        Agreed - I've written apps for Android and there's no reason why a resource such as the address book or net connection can't be checked for access and then requested if it's not available.

        If permission isn't given, then fail gracefully. If it is given, then remember it for next time (or allow it to be remembered) this sort of thing would be needed often enough it would be worth Android having an API to handle the request box and and a 'remember this' tick box on a per-app basis automatically.

        Internet and GPS may be turned off or unavailable on a phone at anytime, so developers are doing this anyway, just extend it for every permission. It'll make for more robust software.

      2. Chet Mannly

        Re: Re: Now do something for Android

        "Hmm... but what about GoSMS that has to read the phone number and name of every contact in order to show those details against the SMSs and allow you to pick recipients? Or K9Mail that needs the email and name of every contact so that it can autocomplete email addresses as you type?"

        LBE allows/denies access to contact list, data connection etc on an app by app basis.

        so you could allow GoSMS access to your contact list while denying every other app, and deny GoSMS a data connection (so it can read the list, but can't send it anywhere...)

  14. dssf

    see this

    http://www.mercurynews.com/business/ci_19974171?source=most_viewed

    Smome of this may be redundant..

  15. JassMan Silver badge

    Who owns the data?

    My email address is on my mates iPad. It is there because I implicitly allow him to send emails to me. However, that address is MY private data. I object to Apple allowing any app to suck it up for any purpose. I don't want emails from the app writers nor whovever they have have sold the list of illicit data to. I think it is time for the UK gov to start a class action on my behalf and sue Apple for say £1Trillion. That should fix the budget deficit nicely thank you.

    1. Anonymous Coward
      Anonymous Coward

      Re: Who owns the data?

      "class action"? Wrong legal system, wrong country. You need to start reading and watching British media to find out where you live and its systems, like lots of twits on here.who purport to be British, but write as if they live under American laws.

      1. David Black
        WTF?

        Re: Re: Who owns the data?

        Er, Class Actions are possible in the UK, I was part of one against RBS for misselling. The only difference is that in the UK, the "Class" of claimants has to form itself and each has to opt-in. In the US a body (government, State or even big law firms) can take action on behalf of the group without having to identify all claimants. MAYBE before you flame, you could check Wikipedia...

        1. Anonymous Coward
          Anonymous Coward

          Re: Re: Re: Who owns the data?

          'MAYBE before you flame, you could check Wikipedia...'

          Really?

        2. PJI
          FAIL

          Re: Re: Re: Who owns the data?

          Wikipedia? Are you serious that that is your legal reference?

          Anyway, you seem to support AC after a fashion: it is significantly different from USA law, as one should expect. So, he is to a large extent right: check your own nationality rather than that of the most recent television show or report.

      2. Chet Mannly

        Re: Re: Who owns the data?

        ""class action"? Wrong legal system, wrong country. You need to start reading and watching British media to find out where you live"

        His friend could very easily live in the US, as the alleged crime occurred there a class action would be done there.

        1. Anonymous Coward
          Anonymous Coward

          Comprehension

          He suggests the UK government explicitly.

    2. Anonymous Coward
      Anonymous Coward

      Re: Who owns the data?

      Under current UK data protection law I believe your mate is responsible. Tell him he owes you a pint!

    3. Wize
      Flame

      Re: Who owns the data?

      That was the first problem that entered my mind when I was reading about Twitter fessing up to doing it on BBC News. It doesn't matter what I do to protect my phone from having its information stolen, there will be some computer illiterate friend who has my name, phone number, email address, postal address, birthday, etc stored in one place and one of these 'reputable' companies will come along and slurp up my details.

      Twitter has just said sorry about doing it. Will they really prove how sorry they are by deleting all the data they stole? I'm not holding my breath.

  16. Ken Hagan Gold badge

    Naming and shaming

    “Privacy law is a waste of space, since it doesn’t protect privacy; public outrage is our only protection”, Clarke said.

    This would appear to apply to the Foxconn workforce, too. (http://www.theregister.co.uk/2012/02/13/apple_fla_inspection/) The inspections may come to nothing, but they certainly wouldn't be happening if Apple hadn't been brow-beaten over the last year or so.

    1. Anonymous Coward
      Anonymous Coward

      Re: Naming and shaming

      Yes, but only Apple seems to get the heat each time. People complain now, but Apple may soon become the one and only tech company who does respect their workforce and user privacy.

      Good for Apple users but what about the rest?

      1. Anonymous Coward
        Anonymous Coward

        Re: Re: Naming and shaming

        "Yes, but only Apple seems to get the heat each time"

        They know that everyone else just copies Apple anyway so it saves them time.

  17. Kevin Fairhurst

    Whether it's iOS or Android...

    Anything using "private" data (GPS, contacts, SMS database, etc) should have to request permissions for each item individually, not in an "all or nothing" approach. You should be able to e.g. block GPS from FaceBook but keep it for Twitter if you so wish, without having to opt to not install any particular app.

    The problem you end up having is you can have a request saying "Allow app access to address book?" with a "Yes" or "No" but then you need to ensure you have the "Remember this for next time?" checkbox, as well as a way to revoke these permissions at a later date if you foolishly opt in to giving your data to FaceBook now but then want it taken away in future...

    And then you get another problem. If I revoke permissions on the app on my phone, I want that communicated back to FaceBook so that they delete all the data they have slurped previously. How long before that actually starts happening? Or will they insist that once you have provided that data, tough?

    1. Cameron Colley

      Re: Whether it's iOS or Android...

      I think annoying popups are just the price of privacy and those who are too lazy to pay ought not to dictate the way things work. A workaround would be to ask on initialisation of the phone whether you want to be asked every time whilst being pointed to where you can change the settings at any time. iOS, for example, allows notifications to be configured on an app by app basis and I'm sure this cold be extended to access.

      As things stand I am beginning to wonder which OS to choose for my next phone since Apple don't have a permission model for everything and have proved they don't vet apps, and Google permissions model is so all-or-nothing it seems designed to force you to hand permissions to the kitchen sink for any app you install.

    2. Chet Mannly

      Re: Whether it's iOS or Android...

      "Anything using "private" data (GPS, contacts, SMS database, etc) should have to request permissions for each item individually, not in an "all or nothing" approach. You should be able to e.g. block GPS from FaceBook but keep it for Twitter if you so wish, without having to opt to not install any particular app.

      The problem you end up having is you can have a request saying "Allow app access to address book?" with a "Yes" or "No" but then you need to ensure you have the "Remember this for next time?" checkbox,"

      LBE Privacy guard (Android) ticks all of those boxes.

      You can block location requests, phone identification details (IMEI), contact list, data connection access etc etc. Also lets you know when an app is trying to access something and you can deny it once, or tick the little box to deny from that point on - dead easy.

      Not associated with LBE in any way, just a satisfied customer...

      1. Kevin Fairhurst
        FAIL

        Re: Re: Wind: Whether it's iOS or Android...

        Can LBE Privacy Guard be installed on *any* android phone straight out of the box, and work with immediate effect, or do you need to root it first (i.e. is it an all-users or a techie-users approach)?

        If you need to root the phone to get this kind of functionality, then Android is as bad as iOS. I'm sure if you jailbreak you can find something on the cydia store to enforce similair permissions, but this stuff needs to be baked in to the operating system!

        And it still doesn't allow you to revoke permissions and have all previously captured data deleted...

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2021