iOS 6 Tightens Grip on Apps’ Access to Personal Data
Following a series of allegations of privacy infringement, apps running iOS 6 must require explicit user permission to access calendars, reminders, contacts and photos.
In February 2012, Arun Thampi, a Ruby/iOS Developer in Singapore, made a discovery that sparked up a heated privacy-protection debate. Thampi found out that Path, a popular app in the App Store, accessed his address book and sent its content to its servers, without explicit permission. Despite the app developer’s qualifying this privacy slip up as “nothing more” than a way to help “the user find and connect to their friends and family on Path quickly and efficiently as well as to notify them when friends and family join Path,” the incident brought the Apple app developer policies under scrutiny.
Taking up other privacy breach allegations made by the media, including Dustin Curtis’ claims that “there’s a quiet understanding among many iOS app developers that it is acceptable to send a user’s entire address book, without their permission, to remote servers and then store it for future reference,” U.S. congressmen Waxman and Butterfield requested clarifications on iOS App Guidelines in an open letter to Apple CEO Tim Cook.
Minutes after the official inquiry was launched, Apple spokesman Tom Neumayr responded in an exclusive statement for AllThingsD and revealed plans to remedy the situation: “Apps that collect or transmit a user’s contact data without their prior permission are in violation of our guidelines. We’re working to make this even better for our customers, and as we have done with location services, any app wishing to access contact data will require explicit user approval in a future software release.”
In fact, Apple started implementing the explicit permission policy for apps to access users’ address book information beginning with the OS X Mountain Lion beta, according to a www.macrumours.com report in March 2012.