Apple shuts door on developers building databases from iOS users' address books
Last week, Apple made some changes to App Store regulations that prevents developers from collecting information about iPhone users' friends and contacts. Before this change, developers could obtain this information without consent from most people involved. Developers often ask users to share their phone contacts to quietly build a database of names and numbers that can be sold to marketers.
At Apple's annual WWDC developers conference last week, the company mentioned that social media sites viewed on Safari will soon ask for permission before allowing users to share content from a site. Sharing content allows social networks to collect user data. While that move was publicized by Apple, the company did not reveal the newly updated App Store Review Guidelines that prevent developers from using address book information to produce a database (see image at the top of this article). Sharing and selling such a database is also prohibited, and Apple also blocked developers from collecting contact information for one reason, and using it for another reason without getting a new consent.
When an iPhone user installs an app and gives consent, the developer gets a treasure trove of data points about the user's friends. Some apps, including Facebook, now allow for the removal of a user's contacts that have been uploaded, but the vast majority don't. Address Book information can include names, work and home addresses, phone numbers, birthdates, and any photos that the user attached to friends or family members' profiles. This issue is not confined to Apple as Android users also can have the names in their contacts list be turned into a database for marketers.
This is what happened with Facebook when data about users' friends was turned into a psychological political study. These profiles, which were used to determine which party a person supports, were sold to consulting firm Cambridge Analytica in a successful attempt to sway voters for the 2016 presidential election.
In 2013, a mobile flashlight app was sued by the FTC for collecting information from users without their knowledge. The FTC tells consumers to be careful when an app asks for information that has nothing to do with the app's main features.
While Apple has put the new rules in place, it remains to be seen how successful they can be. After all, Apple might not be aware if a developer is using information from a user's address book to collect names and contact information to produce a database.