I wonder...
I wonder how many Windows Phone, Android, Blackberry etc apps have routinely done this for years too?
Apple have done the right thing. They couldn't have acted much more quickly could they!
Apple – arguably a villain in the “Path copies your address book” brouhaha – has, under pressure from US lawmakers, decided to require that apps prompt users before accessing their address book data. According to Reuters, the decision came after members of the US House Energy and Commerce committee asked Apple to provide the …
Don't know about the rest but Android apps state what permissions they need in the market place. Unfortunately it seems developers go the whole hog there too - most apps I saw when I was an Android user required access to far more than was necessary.
Weirdly, I recall J2ME apps had permission levels such as these that had to all be approved by the user. Not sure how we took a step backwards there..
The reason for this is easy to see: J2ME came from mobile phone industry side and systems such as Symbian, while iOS and Android were both born in the IT and desktop computing side of things.
On the computing side applications have been free to query this sort of data freely, without requesting ANY permission, so this same behaviour got transferred over without anyone really blinking an eye over it.
Now, in light of this, should desktop systems also change?
Oh come on, how many desktop applications ask you to access all the various APIs?
I can write an application on OSX that reads all the address book and sends it off to a server. You can almost certainly do the same thing on Windows and Linux.
The difference is people are more willing and naive when it comes to installing software on their phone.
I can write an application on OSX that reads all the address book and sends it off to a server. You can almost certainly do the same thing on Windows and Linux.
Yes, you certainly can for a *nix system, except for the, er, file permissions thing...
http://www.tuxfiles.org/linuxhelp/filepermissions.html
not sure if you are being rhetorical, obfuscatory or...
I suppose you're the sort of bloke who tips the stableboy for shutting the door after the horse has bolted?
Of course Apple could have acted more quickly. They could have built in some basic bloody security around personal data at the start, rather than waiting for the inevitable moment when some scumbag syphoned it all off at their leisure.
"Or Path could have adhered to Apple's terms.
17.1 and 17.2 I believe, but oh no, apple is the villain again"
Apple supposedly vet every app before it's allowed in the app store remember?
So yeah, if they spent more time looking at security of apps, rather than censoring anything that might compete with their own apps this wouldn't have happened.
That is, assuming they didn't allow this until it became public...
A) Outlook isn't the only address book on Windows.
B) It only does that for "unauthorised" programs, it's never asked me for permission when any of the Nokia sync programs access the address book for example.
There's a difficult balance to be struck here, Outlook doesn't provide any simple way for me to make sure "authorised" programs are blocked or to permanently allow "unauthorised" programs.
It's a headache for developers of all software (including those developing the OS) and it's a problem that most users don't care about until something like this happens and then they want someone to hang for it - but they'll completely forget about it in about a week and then complain bitterly that the enhanced security brought out as a result gets in the way.
I wonder how existing apps will react to a user saying no, will they throw an exception or will the system return a fake empty contacts list..
By the way the "make this even better" bit tickled the author because it was quoted out of context. The full statement is:
"Apps that collect or transmit a user’s contact data without their prior permission are in violation of our guidelines,” Apple spokesman Tom Neumayr told AllThingsD. “We’re working to make this even better for our customers, and as we have done with location services, any app wishing to access contact data will require explicit user approval in a future software release."
Now the "even better" bit is obviously referring to the fact that there were guidelines in place already, which the developers didn't follow. This policy now adds an actual enforcement step.
"Apps that collect or transmit a user’s contact data without their prior permission are in violation of our guidelines”
But Apple inspects EVERY APP that is submitted to their App Store. How could one that violates their guidelines possibly have gotten through?
Could it be that Apple's "walled garden" is more of a house of cards?
Hahah now people complain Apple isn't ENOUGH of a walled garden. Better get some blast-proof concrete on those walls.
Apple doesn't get the source code for the app, nor do they check the behaviour of every function call the app makes. Apps are approved as long as they conform to the official APIs and - from the user's perspective - follow the rules.
The contacts list stuff was all part of the official API ever since iOS 2 (actually called iPhone OS, back when app developers had morals)
That's why app reviews take less than a week and not months.
"Apple doesn't get the source code for the app, nor do they check the behaviour of every function call the app makes. Apps are approved as long as they conform to the official APIs and - from the user's perspective - follow the rules."
Maybe not but it would be trivial to have a tool that flagged access to certain APIs (contacts and location for a start) and if the use is not appropriate request clarification from the developer. I assumed this is what Apple did. If not what are they doing for their money?
Isn't there an Android mechanism for allowing apps access to system resources on an apps by apps basis?
Let me decide if a given app needs access to something (Address Book, SMS, etc...). And put requirements in the Apps Store so that I don't buy an app that I end up not being comfortable with.
And for the 99.5% who don't care, provide a user-configurable system default access that says "any app can/can not access features X, Y and Z". Now, I realize that it may take a while, but surely could be in iOS6.
Problem solved.
But don't tell me it can't be enforced by the OS and platform and that I should rely on trusting the devs because I don't buy that.
> Isn't there an Android mechanism for allowing apps access to system resources on an apps by apps basis?
Not really, at least not in the original firmware.
You can only decide to install the app or not based on the permissions the app says it needs. If you don't like the permissions you can't install the app. It doesn't let you selectively enable or disable permissions.
"What's so great about permissions if the only thing you can do about them is not install the app?"
If an app requires permission to access your address book, when you know damned well it doesn't need to for any purpose associated with its core functionality, then the best course of action is not to install it!
But what if it's a borderline case where accessing the address book isn't core functionality but can offer added functionality to users?
E.g. Facebook. How many people are quite happy to trust FB (rightly or wrongly) to not do anything nefarious with their data, particularly their address book? And for all intents and purposes, it just saves you the time of adding your contacts manually, so why not allow the extra functionality for those who want it? But what if people don't want it to access their address book, but do want to update things easily on an app designed for their mobile? Do you honestly think it's good to get people into the mindset of "well it said that I could choose for it not to access my address book, so I'll just give it permission to so that I can install it"? It's far better to allow people to install apps and then prevent the usage of certain functionality if the user doesn't want it (on an OS level) rather than make the user decide between some functionality that they want, but something that they don't.
"What's so great about permissions if the only thing you can do about them is not install the app?"
Simply choose an app that does what you want that doesn't require that permission - there's well over 2 dozen facebook apps for example with varying permission levels. After all, it doesn't need to read the phone contact list to access your FB contacts.
That's the beauty of a free market - whether it be android, symbian or whatever - better to have choice, and to be informed than to find out after your data is already gone!
But, if the system actually enforced ACL based on resource usage, with a rejection & store blacklisting if the intent to use was not disclosed in meta-data, then it would be up to the user to decide whether or not to install an app. Even better would be need to have/nice to have app requirements.
Which is way better than installing apps that run wild on what is really very private hardware.
FB, for all its usual complaints about them, may actually have valid reasons to scan your address book data. Or at least you might decide it would.
But a Tetris clone requiring premium-number SMS capability would be a fishy creature indeed.
Not really. Looking at the list of Android permissions, the only things that iOS apps are allowed to do anyway is get your location and read your contact list, and getting your location gives you a dialog box prompt.
Frankly I prefer it this way. My Android-using friends tell me that most apps require permissions that they have no business requiring. I would rather use a system where apps are much more locked-down.
Must be Microsoft shills fault somehow
This is an entirely non issue. To use an Android argument - 'Buyer beware - don't the user know what their phone is doing' Blah.
Live with your stalker and all is good in your key logging malware land.
Despite today's fix, Google Wallet is still storing and sending user info in plain text - live in your dream world
..and after that, only if you have a custom ROM that can block such permissions and even ads (in all fairness if you have rooted your android it's only an app away, available on the market).
Otherwise you either grant the permission, or you won't install the software, so it's not good.
Android must incorporate some sort of default "permission" setting, per app or system-wide.
I do not use the Facebook app, or the official Twitter (Plume is much prettier anyway), or the 4square thing, or the Whatsapp thing, just for this reason. I've already shared my address book with Google, and that's enough exposure already.
I have discussed (argued about) mobile OS security with friends for years. I love the iOS model of sandboxing but the ability of apps to read your contact list has always seemed like a very bizarre exception to their security model. I don't want ANY apps reading my contact list under any circumstances.
A year or two ago there was an app that allowed you to see a video feed from a friend's iPhone camera. Cool app but it also spammed your whole contact list with an email telling them to download the app. Absolutely unacceptable. Many people were very upset about this but unfortunately it didn't trigger a re-think on Apple's side at the time.
Try LBE Privacy Guard for apps that do. I've been using it for a while (mainly to stop Facebook cracking on my CM9 HP Touchpad, that requires GPS (TP doesn't have TP)). Allows a lot of fine grained control over it. Works very well!
Some apps DO require contact list access to work properly (backup apps being the main one that springs to mind), but most don't but a lot do request it. Amazing that Apple allowed apps access to this in the first place without specific reasons from the developer. Amazing that people feel safe in their walled garden. I know my contact list is shared with Google (am aware, but don't really like), I can stop other apps accessing it, but it seems in the 'Walled Garden' no one knows who's had access... Could any game have been installed that requires your contact list without notifying you... Amazing....
In most of the World taking personal data from a computing device and using/sending it without the owner's permission/knowledge is a serious offence or a crime. We have been watching this kind of crap happening very often lately, be it by Apple, Google, MS, and lots of other companies, with said companies getting a slap in the wrist at most. This situation, IMHO, proves two things:
- Law enforcement and the court system have a soft spot for big companies, the bigger the company, the softer the spot. Acts that would have landed an individual in jail for several years are paid for by infringing companies with a fine that is usually peanuts compared with the earnings they made committing the offence, and nobody ever goes to prison. There are examples of this not only in IT, but also on Big Pharma, Banking, Big Media...
- Law enforcement and the justice system's role nowadays is to protect a privileged few from the unprivileged majority of citizens. Every major player in the game -politicians, media, industry... - looks the other way, regardless of the harm done to Society as a whole.
This can't go on forever, and has to end somehow. Hence the icon :-(
The problem isn't the big companies, those usually warn or ask you for permission before doing this.
Eg the Facebook app shows a big notice about this if you ask it to sync your phone book. Twitter only sent your contacts when you choose to find friends.
The problem was with apps from smaller companies/startups who didn't.
However I believe none of the apps mentioned had any actual bad intentions with the data, it just made it easy to add contacts - every social network recommends people you may know.
The whole issue was overblown because one of the companies, Path, is funded by the startup fund Crunchfund and a small group of journo hacks had a grudge with them. In response, another group of hacks with interests in Crunchfund went into "save face" mode by accusing everyone else.
So there isn't much more to this story than two groups of journalists with deeply vested interests battling it out.
That's what's actually very wrong in all this, journalists with vested interests. But who can stop them?
At least 3 or 4 times here in The Register I bitched and moaned about our address books being plundered. Right from the start Google could have and SHOULD HAVE built vaults around every address book entry and firewalled off our contacts. But, no, they DID do harm by unilaterally allowing it, or by cowering to industry and law enforcement. (Maybe all that bitching is why my phone keyboard lags and why I suspect I am being keystroked by multiple parties.....)
Yes the permission system is transparent for the most part, but when I was using LBE Privacy Guard I uninstalled Facebook app for this very reason. An update came one day and since then the FB app was requesting access to my address book on an hourly basis at all times when I wasn't running it.
I guess most users, like I did, assume that when an app requests permission to access contacts, they think it's so you can merge with your offline address book. I don't recall anything about raiding the address book for those offline contacts to upload to their servers.
The permission system needs fixing, and like another commentard already floated the idea; the address book should be sealed off, it should only allow injection of contacts and ask for specific uploads.
Hmm... but what about GoSMS that has to read the phone number and name of every contact in order to show those details against the SMSs and allow you to pick recipients? Or K9Mail that needs the email and name of every contact so that it can autocomplete email addresses as you type?
A better idea is for LBE to be baked in to Android and drop the "all-or-nothing" approach when installing from the market, and permission escalation requests should have a short description on what they're doing with the data.
Every app will need to be designed so that if they want something denied to them, they gracefully fail.
Agreed - I've written apps for Android and there's no reason why a resource such as the address book or net connection can't be checked for access and then requested if it's not available.
If permission isn't given, then fail gracefully. If it is given, then remember it for next time (or allow it to be remembered). This sort of thing would be needed often enough it would be worth Android having an API to handle the request box and a 'remember this' tick box on a per-app basis automatically.
Internet and GPS may be turned off or unavailable on a phone at anytime, so developers are doing this anyway, just extend it for every permission. It'll make for more robust software.
"Hmm... but what about GoSMS that has to read the phone number and name of every contact in order to show those details against the SMSs and allow you to pick recipients? Or K9Mail that needs the email and name of every contact so that it can autocomplete email addresses as you type?"
LBE allows/denies access to contact list, data connection etc on an app by app basis.
so you could allow GoSMS access to your contact list while denying every other app, and deny GoSMS a data connection (so it can read the list, but can't send it anywhere...)
My email address is on my mate's iPad. It is there because I implicitly allow him to send emails to me. However, that address is MY private data. I object to Apple allowing any app to suck it up for any purpose. I don't want emails from the app writers nor whoever they have sold the list of illicit data to. I think it is time for the UK gov to start a class action on my behalf and sue Apple for say £1Trillion. That should fix the budget deficit nicely thank you.
Er, Class Actions are possible in the UK, I was part of one against RBS for misselling. The only difference is that in the UK, the "Class" of claimants has to form itself and each has to opt-in. In the US a body (government, State or even big law firms) can take action on behalf of the group without having to identify all claimants. MAYBE before you flame, you could check Wikipedia...
Wikipedia? Are you serious that that is your legal reference?
Anyway, you seem to support AC after a fashion: it is significantly different from USA law, as one should expect. So, he is to a large extent right: check your own nationality rather than that of the most recent television show or report.
That was the first problem that entered my mind when I was reading about Twitter fessing up to doing it on BBC News. It doesn't matter what I do to protect my phone from having its information stolen, there will be some computer illiterate friend who has my name, phone number, email address, postal address, birthday, etc stored in one place and one of these 'reputable' companies will come along and slurp up my details.
Twitter has just said sorry about doing it. Will they really prove how sorry they are by deleting all the data they stole? I'm not holding my breath.
“Privacy law is a waste of space, since it doesn’t protect privacy; public outrage is our only protection”, Clarke said.
This would appear to apply to the Foxconn workforce, too. (http://www.theregister.co.uk/2012/02/13/apple_fla_inspection/) The inspections may come to nothing, but they certainly wouldn't be happening if Apple hadn't been brow-beaten over the last year or so.
Anything using "private" data (GPS, contacts, SMS database, etc) should have to request permissions for each item individually, not in an "all or nothing" approach. You should be able to e.g. block GPS from FaceBook but keep it for Twitter if you so wish, without having to opt to not install any particular app.
The problem you end up having is you can have a request saying "Allow app access to address book?" with a "Yes" or "No" but then you need to ensure you have the "Remember this for next time?" checkbox, as well as a way to revoke these permissions at a later date if you foolishly opt in to giving your data to FaceBook now but then want it taken away in future...
And then you get another problem. If I revoke permissions on the app on my phone, I want that communicated back to FaceBook so that they delete all the data they have slurped previously. How long before that actually starts happening? Or will they insist that once you have provided that data, tough?
I think annoying popups are just the price of privacy and those who are too lazy to pay ought not to dictate the way things work. A workaround would be to ask on initialisation of the phone whether you want to be asked every time whilst being pointed to where you can change the settings at any time. iOS, for example, allows notifications to be configured on an app by app basis and I'm sure this could be extended to access.
As things stand I am beginning to wonder which OS to choose for my next phone since Apple don't have a permission model for everything and have proved they don't vet apps, and Google permissions model is so all-or-nothing it seems designed to force you to hand permissions to the kitchen sink for any app you install.
"Anything using "private" data (GPS, contacts, SMS database, etc) should have to request permissions for each item individually, not in an "all or nothing" approach. You should be able to e.g. block GPS from FaceBook but keep it for Twitter if you so wish, without having to opt to not install any particular app.
The problem you end up having is you can have a request saying "Allow app access to address book?" with a "Yes" or "No" but then you need to ensure you have the "Remember this for next time?" checkbox,"
LBE Privacy guard (Android) ticks all of those boxes.
You can block location requests, phone identification details (IMEI), contact list, data connection access etc etc. Also lets you know when an app is trying to access something and you can deny it once, or tick the little box to deny from that point on - dead easy.
Not associated with LBE in any way, just a satisfied customer...
Can LBE Privacy Guard be installed on *any* android phone straight out of the box, and work with immediate effect, or do you need to root it first (i.e. is it an all-users or a techie-users approach)?
If you need to root the phone to get this kind of functionality, then Android is as bad as iOS. I'm sure if you jailbreak you can find something on the cydia store to enforce similar permissions, but this stuff needs to be baked in to the operating system!
And it still doesn't allow you to revoke permissions and have all previously captured data deleted...