Foodspotting transmits your contacts' data unencrypted over the network so anyone can snoop it. Image courtesy of VentureBeat.
iOS apps that take your address book data: Facebook, Twitter, Instagram, Foursquare, and more
If you have an iPhone, chances are you are using either the Facebook or Twitter application. Turns out, they are among a surprisingly huge number of application that would just get all of your address book data to their servers, often without even asking your permission. That includes names of your friends and acquaintances, email addresses and even their phone numbers, according to a VentureBeat report.
How is this possible? Turns out, it’s been possible all along as iOS allows applications to easily get access to such private area as your address book and simply take it to their webservers. From there on, it’s up to the developers what they will use your contacts for.
What’s weird is that the scandal only broke a couple of weeks ago with social network Path, which was caught fetching your address book data to its own servers. Later, it apologized, but some of the most popular iOS apps are still taking your contacts data.
But this hasn’t changed much practices from the biggest apps out there - Facebook, Twitter, Instagram, Foursquare, Foodspotting, Yelp, and Gowalla were found to be all taking your address book data to their servers. In the worst case of Foodspotting, it’s transmitted over the network unencrypted so that anyone can snoop it.
Getting your contacts has been a common practice for many social apps that don’t want you to end up using their services alone. They get all of your contacts emails and sometimes phone numbers to try and connect you. Instagram has done this without even prompting the user. After the Path scandal, the app is now issuing the following mesage, prompting you to tap “allow”:
“In order to find your friends, we need to send address book information to Instagram’s servers using a secure connection.”
The biggest problem is though that those third-party apps, even though they’re promising not to keep your address data, could just like Path be storing it. There’s no way to check as we don’t have access to their databases. So, if they are and there’s a security breach as we’ve seen so often in the past, all of your contacts information leak out.
Finally, while application makers can and should be careful with the data, they point a finger back at Apple as the origin of the problem.
“I felt like iOS had given me far too much access to Address Book without forcing a user prompt. It felt a bit dirty,” Instapaper creator Marco Arment said in a blog post explaining how his app uses address book data. “Apple can, and should, assure users that no app can read their contact data without their knowledge and explicit permission.”
We wouldn’t blame you for feeling like your privacy is threatened after reading this. In the meantime, we’re still waiting for an official statement from Apple about the issue - hopefully it’s going to get addressed soon.