How iPhone Apps Steal Your Contact Data…and Why You Can’t Stop It
Posted on February 15, 2012 at 1:45pm by Guest Post
This post originally appeared on Gizmodo by Sam Biddle.
The Internet is starting to realize something unsettling: our iPhones send information about the people we know to private servers, often without our permission. Some offending apps are fixing themselves. Some aren’t. But the underlying problem is much bigger.
(Editor’s Note: See this related Blaze article: iPhone app downloaded all your contacts without permission…then apologizes)
Apple allows any app to access your address book at any time — it’s built into the iPhone’s core software. The idea is to make using these apps more seamless and magical, in that you won’t have dialog boxes popping up in your face all the time, the way Apple zealously guards your location permissions at an OS level—because fewer clicks mean a more graceful experience, right? Maybe, but the consequence is privacy shivved and consent nullified. Even Steve Jobs thinks so. Your phone makes decisions about what’s okay to share with a company, whose motivation is, ultimately, making money, without consulting you first.
Once you peel back that pretty skin of your phone and observe the software at work — we used a proxy application called Charles — the data that jumps between your phone and a remote server is plain to see. A little too plain. What can we see?
As Paul Haddad, the developer behind the popular Twitter client TapBot, pointed out to me, some of the App Store’s shiniest celebrities are among those that beam away your contact list in order to make hooking up with other friends who use the app smoother. From Haddad’s own findings:
Foursquare (Email, Phone Numbers no warning)
Path (Pretty much everything after warning)
Instagram (Email, Phone Numbers, First, Last warning)
Facebook (Email, Phone Numbers, First, Last warning)
Twitter for iOS (Email, Phone Numbers, warning)
Voxer (Email, First, Last, Phone numbers, warning)
Foursquare and Instagram have both recently updated to provide a much clearer warning of what you’re about to share. Every single app should follow that example, providing clear warnings before it touches your contacts. But plenty of apps aren’t so generous. “A lot of other popular social networking apps send some data,” says Haddad, “mostly names, emails, phone numbers.” Instapaper, for example, transmits your address book’s email listings when you ask it to “search contacts” to connect with other friends using the app. The app never makes it clear that my data (shown up top) is leaving the phone—and once it’s out of your hands and in Instagram’s, all you can do is trust that it’ll be handled responsibly. You know, like not be stored permanently without your knowledge.
Trust is all we’ve got, and that’s not good. “Once the data is out of your device there’s no way to tell what happens to it,” explains Haddad. Companies might do the decent thing and delete your data immediately. Like Foursquare, which says it doesn’t store your data at all after matching your friends, and never has. Twitter keeps your address book data for 18 months “to make it easy for you and your contacts to discover each other on Twitter after you’ve signed up,” but you can delete the data at any time with a link at the bottom of this page. Or a company might do the Path thing, storing that information indefinitely until they’re publicly shamed into doing otherwise. Or worse.
We need a solution, and goodwill on the part of app devs isn’t going to cut it. All the ARE YOU SURE YOU WANT TO DO THIS?-dialog boxes in the world won’t absolve Apple’s decision to hand out our address books on a pearly platter. iOS is the biggest threat to iOS — and nothing short of a major revision to the way Apple allows apps to run through your contacts should be acceptable. But is that even enough? Maybe not.
Jay Freeman, developer behind the massively popular jailbroken-iPhone program Cydia, doesn’t think Apple’s hand is enough to definitively state who gets your address book, and when:
“Neither Apple nor the application developer is in a good position to decide that ahead of time, and due to this neither Apple’s model of ‘any app can access the address book, no app can access your recent calls’, nor Google’s method of ‘developer claims they need X, take it or leave it’ is sufficient.”
Freeman’s solution? Cydia’s “one-off modifications to the underlying operating system that we deal in, nicely transfers this control back to the user.” In other words, we can’t trust Apple or the people that make apps—so let’s just trust ourselves to control how iOS works.
Freeman left us with one, final, disquieting note. Shrewd devs and others with the knowhow have been able to dig through app traffic to find out if they’re shoveling around your address book. But there’s no easy way to do this — and if a dev really wants to sneak your data through the door, there’s technically nothing we can do to stop him: “There are tons of complex tricks that can be used to smuggle both information in network traffic and computation itself.” It’s a problem fundamental to computer science — once the data’s in a dev’s hands, he can conjure it away, too small to be noticed by App Store oversight in a churning sea of other apps.
Unless Apple keeps him from getting that information in the first place by letting us all make informed decisions with our phone and the private life poured into it. Your move, iOS.
(Update by the Editor: CNET reports an Apple spokesman as saying apps collecting data in this way are in violation and the problem will be fixed.)
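The traffic inspection the article describes (running the phone through a proxy such as Charles and looking for address-book data in outbound requests) can be automated. The sketch below is an added example, not part of the original article: it assumes the proxy session was exported as a HAR file and that the test phone's address book was seeded with the constructed canary contacts shown, and all function names and hosts are hypothetical. It goes beyond the plaintext case the article observed by also checking base64, MD5 and SHA-256 forms of each canary.

```python
import base64
import hashlib
import json
import re
from urllib.parse import unquote_plus, urlsplit

# Constructed canary contacts (assumption): seed them into the test phone's
# address book before capturing, so any match is unambiguous.
CANARIES = {"email": ["canary.alpha@example.test"], "phone": ["+1 (555) 010-0199"]}

def _variants(kind, value):
    """Forms a canary may take on the wire: plain, base64, hex digests."""
    plain = re.sub(r"\D", "", value) if kind == "phone" else value.lower()
    raw = plain.encode()
    return {
        "plain": plain,
        "base64": base64.b64encode(raw).decode(),
        "md5": hashlib.md5(raw).hexdigest(),
        "sha256": hashlib.sha256(raw).hexdigest(),
    }

def _haystacks(text):
    """Request text as sent, URL-decoded, lowercased, and without phone punctuation."""
    decoded = unquote_plus(text)
    return [text, decoded, decoded.lower(), re.sub(r"[\s().+-]", "", decoded)]

def find_contact_uploads(har, canaries=CANARIES):
    """Return (host, kind, canary, encoding) for every canary found in a request."""
    hits = []
    for entry in har["log"]["entries"]:
        req = entry["request"]
        body = (req.get("postData") or {}).get("text", "")
        stacks = _haystacks(req["url"] + "\n" + body)
        host = urlsplit(req["url"]).hostname
        for kind, values in canaries.items():
            for value in values:
                for enc, needle in _variants(kind, value).items():
                    if any(needle in s for s in stacks):
                        hits.append((host, kind, value, enc))
    return hits

# Constructed sample capture (not real traffic; hosts are hypothetical).
_DIGEST = hashlib.sha256(b"canary.alpha@example.test").hexdigest()
SAMPLE_HAR = {"log": {"entries": [
    {"request": {"url": "https://api.app-one.example/friends/find", "postData": {
        "text": "emails=canary.alpha%40example.test&phones=%2B1+%28555%29+010-0199"}}},
    {"request": {"url": "https://api.app-two.example/match",
                 "postData": {"text": json.dumps({"h": [_DIGEST]})}}},
    {"request": {"url": "https://cdn.app-one.example/feed?page=2"}},
]}}

if __name__ == "__main__":
    for hit in find_contact_uploads(SAMPLE_HAR):
        print(hit)
```

A hit shows that a seeded contact left the device in that request; as the article's closing note says, the absence of hits does not show that an app is clean.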





















G-WHIZ
Posted on February 16, 2012 at 11:53am
I have a cellphone…it only makes calls…I do NOT text or tweet…I only “do” e-mail or letters-mailed. It’s bad enough our banks-etc. occasionally get “hacked”, let-alone having my “junk” sucked into an infinite-maw of possible-illegal activities which I cannot even check-out before usage, like, the I-fone or its clones. If the majority of users would just buy phone-only contracts (as I did) this would eventually disappear. If I purchase anything larger than a small camera (etc.), I find it “on-line”, and call them on the line-fone to give them my credit# and other pertinent info. This greatly-decreases my e-footprint…give hackers/thieves less info and they will go on to the next dupe who does everything online.
tharpdevenport
Posted on February 16, 2012 at 2:13am
Reminds me on the topic of privacy and cellphones, I saw the GBTV “1984” special and mentioning the cellphone, being shut and still be able to hear you and that taking the battery out was the only way.
I actually learned about this back in about 2007/2008, when George Bush was doing some kind of gig with military personnel, and it was supposed to be private or some such, so every soldier had to hand over their cellphones, turn them off, and remove the battery. But apparently that doesn’t cut it! Because they had to be put in separate bags, and REMOVED from the room.
So I’m guessing simply taking the battery out doesn’t fully stop spying. Possibly something to look into.
Bronco II
Posted on February 15, 2012 at 7:19pm
I don’t have an I-phone or I pad and don’t want one. I don’t even have my cell phone on anymore it was a something I definitely can live without I lived without it before I got it and I’m still alive now that I don’t have it yes I do know how to separate my needs from my wants. I wouldn’t want to be around anyone if or when all those phone towers go down I got a taste of it when the hurricanes hit here in Fl people were besides themselves me I still had and still do have my call me old fashion LAND LINE.
AquaBuddha
Posted on February 15, 2012 at 6:42pm
If you think androids don’t do the same exact thing you’re crazy. We have both phones and I know for a fact that the android does as the emails linked to that phone have increased with spam 1000%. Knowing Apple they will correct this asap but think that Google will never.
TPaine
Posted on February 15, 2012 at 5:50pm
First good idea – don’t get an i-Phone. All you tekkies out there are having so much fun that you’re totally unaware everything you do is someone else’s information. Have fun. I don’t own an i-Phone and never will.
Second good idea – go to the local Circle-K or supermarket and buy a $10 cellphone, with absolutely NO personal information involved. Use it all you want, and pay cash for refill cards. Then, when you decide to make that one call that could get you picked up and tossed into the clink, make the call and toss the phone, preferably into a deep lake or crusher. Then buy another one.
Forget the texting crap and the browsing crap and Twitter and Angry Birds and Facebook. Use your home computer for that stuff, and no one will ever be able to trace you, follow you or entrap you.
You’ve been warned.
DividedWeFail
Posted on February 15, 2012 at 5:08pm
What is SAD?
Europe has stricter privacy laws than the USA.
A lot of European countries outlawed those TSA x-ray machines
A lot of European countries outlawed GROPING at the airports.
The USA is not rapidly becoming a police state with TSA and border patrol having mission creep already searching vehicles and people far beyond an airport or border.
Yet RINOs scream they want MORE safety so they approve chipping away MORE rights to make them feel safe. RINOs and liberals – go live in CHINA.
Ben Franklin “Those who give up rights for security – DESERVE NEITHER”
babylonvi
Posted on February 15, 2012 at 4:25pm
Reason 697 not to get an iphone.
G-WHIZ
Posted on February 16, 2012 at 12:09pm
To: BABYLONVI: You can have an I-fone-or-clone…just have all the junk eliminated/shut-off before you sign the contract. I have a new, waterproof flipfone and I had text and other superfluous extras turned-off as part of my contract. The only text I receive is from my cell-co., once-a-month to let me know (in addition to a mailed-receipt) that the bill is being paid, properly. Not all my contacts are on my computer…try an antique-method…a rolodex…try and hack that with all your apps and viruses.
THX-1138
Posted on February 15, 2012 at 4:18pm
Never had any desire to be Dick Tracy. Keep ‘em.
Besides, after the EMP you won’t be able to google “How To Build A Fire Without Matches” with one anyway. (Though you may be able to get one to explode thus starting the fire for you.)
All I use my phone for is Calls, an Alarm Clock and a rather poor substitute for a flashlight…
trueblueoldie
Posted on February 15, 2012 at 4:07pm
Folks, info is power and money. Do I really have to draw a picture for you? Anything you do on the net is archived. Only a complete naif would believe that data is private. The NSA has never considered it to be so…..oh, you think that being an American citizen in a global environment is protected?
tomloy
Posted on February 15, 2012 at 3:11pm
Oh there’s a way to stop it, just don’t have a cellphone. I don’t! They’ve got you people trained to think you need one. You don’t!!!
USAMEDIC3008
Posted on February 15, 2012 at 3:31pm
I use word of mouth (encrypted)
pamela kay
Posted on February 16, 2012 at 2:42am
TOMLOY, I don’t have one either. Never had an interest in owning one.
pamela kay
Posted on February 16, 2012 at 2:48am
TOMLOY, I do not think we have any privacy left in this country any more.
tharpdevenport
Posted on February 15, 2012 at 2:56pm
I don’t trust any cellphone made after about 2000. I have a dinocell; so old you’d think there would be a giant rotary dial smack dab in the center.
THX-1138
Posted on February 15, 2012 at 4:21pm
Dude! You are *so* on to something there. A rotary cell phone. I just may have to make one of those. Now, if I can just work out the texting issues….
g123695
Posted on February 15, 2012 at 2:52pm
Blaze, it gets much worse:
http://www.wired.com/wiredscience/2011/10/iphone-keylogger-spying/
The iPhone is capable of detecting keystrokes using its accelerometers if placed next to a keyboard. Improbable, but still possible.
GhostOfJefferson
Posted on February 15, 2012 at 2:23pm
So? Don’t use an iPhone. That’s your choice, and one I highly recommend.
In fact, I go further. Unplug from the electronic prison most of you are insisting you wish to be plugged into. Learn to connect face to face again, like human beings. No information or instantaneous whiz bang neato game is worth losing your individuality and anonymity.
moreteaplease
Posted on February 15, 2012 at 2:19pm
Glad I don’t have one.
SamIamTwo
Posted on February 15, 2012 at 2:17pm
Hmm doesn’t GB have an agreement with Apple for his GBTV viewership…LOL
Micmac
Posted on February 15, 2012 at 2:15pm
Anyone else have problems getting through the syntax errors in the above article? Where are the editors???? Seems to be a persistent problem with this site.
This govt loves all the technology at its hands. Makes their job easier. This is why I don’t have an iPhone, and stay away from other sites. Even though I do nothing illegal, information in the hands of others is subject to interpretation.
NoBama 2012
GhostOfJefferson
Posted on February 15, 2012 at 3:08pm
Teh artikal loks gud too mee, wats you’re prblem any way?
trueblueoldie
Posted on February 15, 2012 at 4:34pm
Just think about it…..the very idea of privacy in a digital deluge of data is nonsense…..once you understand the concept of data mining, then you realize privacy no longer exists….do you really believe google, apple, and other entities ignore the power of information?
Itsjusttim
Posted on February 15, 2012 at 2:02pm
They knew Europe was going to go bankrupt a long time ago.
Micmac
Posted on February 15, 2012 at 2:19pm
Research it and you will see that the dude that developed the concept of the Euro said that there would be failure with the hope that Europe’s countries would become like states in America and the EU would be the “federal” govt. This was planned.
NoBama 2012
Itsjusttim
Posted on February 15, 2012 at 2:25pm
I don’t have to research it, because I’ve been around a long time sonny.
Itsjusttim
Posted on February 15, 2012 at 2:49pm
Let me see if I have this future correctly then. Iran is going to cut-off energy to Europe making it further that Europe has to get energy from Russia, and the U.S. The U.S will be mainly an exporter of energy with Americans lowered to common peasant energy field workers as will be South America. The Mid-East will slowly have science put back in its rightful place and will not export nearly as much oil, and the Mid-East will be a New Nuclear Babylon. More or less the Western Hemisphere will be suppliers of energy, and the Eastern hemisphere will consume that which is made by the western Hemisphere. I’d say that about sums it up.
Itsjusttim
Posted on February 15, 2012 at 2:53pm
The Eastern Hemisphere will be Atlantis, and the Western Hemisphere will be Hell.
Itsjusttim
Posted on February 15, 2012 at 2:58pm
And they are going to divide up North America and South America kind of like how for the longest time they would restructure the Mid-East and Africa.
Itsjusttim
Posted on February 15, 2012 at 3:00pm
Of course Americans don’t really care do they? They’ve got football baseball to watch, and complaining about their personal problems.
Itsjusttim
Posted on February 15, 2012 at 2:00pm
It’s interesting that this “Grand” Theft that is getting ready to come to America’s shores it’s not just going to affect the average American, but it’s going to affect every Federal worker all across the board, because they are going to wake-up with no money also someday.
Itsjusttim
Posted on February 15, 2012 at 2:05pm
They will do it in chunks so they can use workers as tools while they do it, and then lastly they will drain the money from Federal workers, but I assure you your day will come.
Itsjusttim
Posted on February 15, 2012 at 2:08pm
Believe me this, they are not going to let Europe burn.
Itsjusttim
Posted on February 15, 2012 at 2:10pm
And if Europe burns, then Russia will have nothing to gain from it by supplying it with energy.
Itsjusttim
Posted on February 15, 2012 at 2:19pm
They are foreclosing on the United States of America, and lastly they will close the door even on Federal workers.
Itsjusttim
Posted on February 15, 2012 at 2:22pm
But in the meantime they are going to cut the nuclear arsenal, sell Naval ships, sell other military equipment, piece it out one unnoticeable at a time, until there isn’t anything damaging left behind, and then they will close out the workers.
USAMEDIC3008
Posted on February 15, 2012 at 1:58pm
Everybody stop, step back 10 paces, look
You see the change, but where is the HOPE
pjmarshake
Posted on February 15, 2012 at 2:31pm
The hope is being held back for Nov, as in “I hope there’s someone worth electing to replace Obama.”
pjmarshake
Posted on February 15, 2012 at 1:57pm
It’s not only the apps listed above. I had apps that were affiliated with Google that had notices of information sharing, yet other Google related apps provided no warnings at all.
broker0101
Posted on February 15, 2012 at 1:55pm
Whew! It’s a good thing most of you “choose” not to be able to afford an iPhone. The Communists and Fornicators would be after for sure if you did!
The Jewish Avenger
Posted on February 15, 2012 at 1:55pm
ah.. so sad….
Please, continue to praise Apple like its different than Microsoft!
BWAHAHAHAHAHAHAHAAA