The internet is starting to realize something unsettling: our iPhones send information about the people we know to private servers, often without our permission. Some offending apps are fixing themselves. Some aren't. But the underlying problem is much bigger.
Apple allows any app to access your address book at any time—it's built into the iPhone's core software. The idea is to make using these apps more seamless and magical, in that you won't have dialog boxes popping up in your face all the time, the way Apple zealously guards your location permissions at an OS level—because fewer clicks mean a more graceful experience, right? Maybe, but the consequence is privacy shivved and consent nullified. Even Steve Jobs thinks so. Your phone makes decisions about what's okay to share with a company, whose motivation is, ultimately, making money, without consulting you first.
Once you peel back that pretty skin of your phone and observe the software at work—we used a proxy application called Charles—watching the data that jumps between your phone and a remote server is plain. A little too plain. What can we see?
As Paul Haddad, the developer behind the popular Twitter client TapBot pointed out to me, some of App Store's shiniest celebrities are among those that beam away your contact list in order to make hooking up with other friends who use the app smoother. From Haddad's own findings:
Foursquare (Email, Phone Numbers no warning)
Path (Pretty much everything after warning)
Instagram (Email, Phone Numbers, First, Last warning)
Facebook (Email, Phone Numbers, First, Last warning)
Twitter for iOS (Email, Phone Numbers, warning)
Voxer (Email, First, Last, Phone numbers, warning)
Foursquare and Instagram have both recently updated to provide a much clearer warning of what you're about to share. Which every single app should follow, providing clear warnings before they touch your contacts. But plenty of apps aren't so generous. "A lot of other popular social networking apps send some data," says Haddad, "mostly names, emails, phone numbers." Instapaper, for example, transmits your address book's email listings when you ask it to "search contacts" to connect with other friends using the app. The app never makes it clear that my data (shown up top) is leaving the phone—and once it's out of your hands and in Instagram's, all you can do is trust that it'll be handled responsibly. You know, like not be stored permanently without your knowledge.
Trust is all we've got, and that's not good. "Once the data is out of your device there's no way to tell what happens to it," explains Haddad. Companies might do the decent thing and delete your data immediately. Like Foursquare, which says it doesn't store your data at all after matching your friends, and never has. Twitter keeps your address book data for 18 months "to make it easy for you and your contacts to discover each other on Twitter after you've signed up," but you can delete the data at any time with a link at the bottom of this page. Or a company might do the Path thing, storing that information indefinitely until they're publicly shamed into doing otherwise. Or worse.
We need a solution, and goodwill on the part of app devs is going to cut it. All the ARE YOU SURE YOU WANT TO DO THIS? dialog boxes in the world won't absolve Apple's decision to hand out our address books on a pearly platter. iOS is the biggest threat to iOS—and nothing short of a major revision to the way Apple allows apps to run through your contacts should be acceptable. But is that even enough? Maybe not.
Jay Freeman, developer behind the massively popular jailbroken-iPhone program Cydia, doesn't think Apple's hand is enough to definitively state who gets your address book, and when:
"Neither Apple nor the application developer is in a good position to decide that ahead of time, and due to this neither Apple's model of 'any app can access the address book, no app can access your recent calls', nor Google's method of 'developer claims they need X, take it or leave it' is sufficient."
Freeman's solution? Cydia's "one-off modifications to the underlying operating system" that we deal in, nicely transfers this control back to the user." In other words, we can't trust Apple or the people that make apps—so let's just trust ourselves to control how iOS works.
Freeman left us with one, final, disquieting note. Shrewd devs and others with the knowhow have been able to dig through app traffic to find out of they're shoveling around your address book. But there's no easy way to do this—and if a dev really wants to sneak your data through the door, there's technically nothing we can do to stop him: "There are tons of complex tricks that can be used to smuggle both information in network traffic and computation itself." It's a problem fundamental to computer science—once the data's in a dev's hands, he can conjure it away, too small to be noticed by App Store oversight in churning sea of other apps.
Unless Apple keeps him from getting that information in the first place by letting us all make informed decisions with our phone and the private life poured into it. Your move, iOS.