The big online privacy scandal of the past couple of weeks has been the discovery that the social networking app Path uploads your entire iPhone address book to its servers without asking for your permission. People were not only surprised that Path does this, but also that Apple lets them do it. Shortly after this was discovered, we learned that lots of other companies upload your address book as well. The Verge has a rundown of which applications access your address book and whether they ask for permission first.
The discussion I’m interested in is what access applications should have to your address book. One possibility would be for Apple to put the same warning on address book access that they put on use of location services, but as Chris Dixon points out, the more often you ask users for permission, the less attention they pay. I don’t like that solution.
Another option is to simply block access to the address book for apps entirely. I would not be opposed to this approach. Yes, social networking apps desperately want to hook you in by making sure you’re connected to your friends, and they want you to invite your friends to the service to grow their user base. What value do users get out of it, though? Automatically connecting to your friends is a small benefit, and in many cases there are other ways to determine who you’re friends with without pillaging your address book. Apple should strongly consider just blocking address book access entirely.
Short of that, the policy solution is to allow an application access only after the user has acted to grant it, without being prompted directly. So, for example, applications that ask users to upload everything in their address book as soon as they sign up would not be allowed, but applications that have a “Search for contacts in my address book” button would be allowed. Whether Apple could enforce that policy is another matter. As a matter of policy, though, applications should not try to access your address book unless you try to use a feature that requires it.
Update: And I managed to get this post in right before Apple announced a policy change that will require explicit permission before an application can access the address book.
February 15, 2012 at 6:17 pm
I have a policy with my Android phone of only installing apps that want access to my personal data or a net connection, but not both.
So far I’ve been stuck with an all-or-nothing choice with each app, but I’m going to try Cyanogen and Whispercore, both of which support approving permissions individually. Unfortunately, the stock OS doesn’t allow that kind of control, and upgrading is beyond most people’s comfort zone.
I see the point about not asking users too many questions. I wonder if my own policy would be a better default for the OS in general: quietly allow apps that can’t leak data, but require approval for ones that want that power. If nothing else, it would encourage authors to leave out sketchy features that aren’t that important.