by Larry Magid
The revelations that iPhone developers have uploaded users’ address books without permission raises some very serious issues for the millions of people who use their phones to store personal and business contacts, and — in some cases — trade secrets and other confidential data.
On February 8th, Singapore-based software developer Arun Thampi blogged that Path, an app that lets people create and share their personal journals, “noticed that my entire address book (including full names, emails and phone numbers) was being sent as a plist to Path.” Path quickly acknowledged the practice, apologized and issued a new version that asks for permission before uploading user data. In its “we are sorry” blog post, Path CEO Dave Morin said “the use of this information is limited to improving the quality of friend suggestions when you use the ‘Add Friends’ feature and to notify you when one of your contacts joins Path––nothing else.”
Big players poach data too
Later we learned that Path is far from alone. Other companies that have since admitted uploading user data include Foursquare, Twitter, Facebook, Instagram and Voxer, according to The Next Web.
I’m not a big fan of government regulation of tech, but Reps. Henry Waxman (D- Los Angeles) and G.K. Butterfield (D-North Carolina) were on target in their letter to Apple CEO Tim Cook when they asked “whether Apple’s iOS app developer policies and practices may fall short when it comes to protecting the information of iPhone users and their contacts.”
Not just mobile phones
This breach, which is equally possible on Android phones, is very serious considering the vast number of mobile phone developers in the world. The companies mentioned in recent press reports about this particular breach seem to have responsibly, though belatedly, addressed the issue, but it causes me to wonder how many other apps are doing this and whether each and every one of those developers are likely to clean up their act. There are over a half million apps on the iPhone alone and nearly 400,000 Android apps, according to Appbrain with tens of thousands more apps being introduced monthly. And it’s not just mobile apps that concern me. I worry about Facebook and Twitter apps, programs that run on game consoles and of course apps that run on tablets, connected media players and personal computers.
In addition to the obvious personal risk of revealing names, phone numbers and street addresses of a person’s entire contact list, there is also a business risk here. Knowing a person’s contacts could be a very useful weapon for a competitor. It could be not only be used to steal potential customer information, but reveal upcoming business deals and alliances. We already know how Apple reacts when its trade secrets are at risk, companies that rely on Apple products have trade secrets too.
We shouldn’t panic – I don’t know anyone who’s about to jettison their cell phones — but we should be concerned and we must hold Apple,Google, Facebook and all other platform developers accountable to do all they can to protect users against deliberate or accidental misuse of our personal information.
Apps for Kids
While not directly related to the latest app flap, the Federal Trade Commission on Thursday issued a report entitled “Mobile Apps for Kids: Current Privacy Disclosures are Disappointing” The report said that FTC “staff encountered a diverse pool of apps for kids created by hundreds of different developers,” but “found little, if any, information in the app marketplaces about the data collection and sharing practices of these apps.” The report recommends that “App developers should provide this information through simple and short disclosures or icons that are easy to find and understand on the small screen of a mobile device. Parents should be able to learn what information an app collects, how the information will be used, and with whom the information will be shared.”