iPhone address books being sent to the cloud
Last April, the late Steve Jobs assured us that Apple ‘haven’t been tracking anybody’, despite the fact that Apple had been recording and storing iPhone users’ location – information made available via the device. Researchers had discovered that Apple was retaining specific information as to users’ whereabouts over a 12 month period, a finding which sparked investigations by various European Governments and demanding answers from US law makers over privacy issues. The controversy was certainly not swept under the rug by Apple, who compiled a written report by (then) CEO Steve Jobs, senior vice president of worldwide product marketing Philip Schiller, and the senior vice president of iPhone software Scott Forstall. Although Apple softened the blow by stating that the location was in fact the location of the WiFi Hotspots and Towers, not the individual devices themselves, they nonetheless accepted that there had been a mistake in the programming resulting in the storing and maintaining of unencrypted data for such extended periods, and in the recording of location even when users had turned their device off. Apple was lauded for its prompt and proactive response; however, they have recently found themselves in a similar privacy issue quandary.
It has now been discovered that some Apple iPhone and iPad apps are absorbing clients’ address books without user’s permission. On 15 February 2011, two US Congressmen, Henry Waxman and G.K. Butterfield, wrote to Apple CEO Tim Cook, asking “
hether Apple’s iOS app developer policies and practices may fall short when it comes to protecting the information of iPhone users and their contacts.” The letter has requested a response from Apple by 29 February; shortly after receipt of the letter, Apple stated that it will bring in measures to require ‘explicit approval’ from iPhone and iPad users in separate user prompts before accessing user’s address book data.
The letter comes after it was discovered by Arun Thampi, a Singaporean developer, that an iPhone networking app developed by ‘Path’ had been uploading his contacts’ names and numbers onto the Path server. In the days that followed, it was revealed that other iPhone apps, such as Facebook, Foursquare, and Twitter were operating similarly. Co-Founder and CEO of Path, Dave Morin (who was cc’d in the letter to Cook), posted an apology on the Path blog on 8 February 2012, acknowledging their mistake and, despite placating us with assurances that all our information was transmitted via an encrypted connection and that it was at all times stored securely, we were nonetheless assured that they have deleted the “entire collection of user uploaded contact information from our servers”.
However, although protestations of guilt and sincere apologies abound, there are some who are more cynical. Internet technology blogger Dustin Curtis has gone so far as saying that ‘there’s a quiet understanding among many iOS app developers that it is acceptable to send a user’s entire address book, without their permission, to remote servers and then store it for future reference’, a comment posted on his Blog on 8 February 2012. It is Curtis’ belief that the bulk of the responsibility falls, not with app developers such as Path, but with Apple. It is Apple who we know and trust, and therefore it is Apple who should be vigilant in ensuring that trust is not breached.
Disclaimer: This blog is for general informational purposes only. It is not legal advice nor is it a substitute for legal advice. Readers should seek legal advice on their own particular circumstances. Alan Arnott is a technology & telecommunications lawyer with qualifications in computer science and law with Arnotts Lawyers Jones Bay Wharf in Sydney. For more information, please visit www.arnotts.net.au.
Efficient, responsive and cost effective legal services.
Contact Alan Arnott for urgent assistance on:
Telephone: +61(0)2 9571 6793
Facsimile: +61(0)2 9419 8795
Postal: Suite 109, 26-32 Pirrama Road, Pyrmont, New South Wales 2009 Australia