MacMobilitySecuritySmartphonesWorkspace

Apple Promises To Improve iPhone Address Book Security

Steve McCaskill is editor of TechWeekEurope and ChannelBiz. He joined as a reporter in 2011 and covers all areas of IT, with a particular interest in telecommunications, mobile and networking, along with sports technology.

Follow on: Google +

Company bows to the concerns of the US Congress over iPhone apps covertly downloading address book data

All iOS apps will be required to ask the user’s permission to access their iPhone address book data, Apple has confirmed.

The Cupertino-based company made the announcement following pressure from authorities that are concerned because dozens of apps are accessing, transmitting and storing user data without permission, according to the Wall Street Journal.

Congressional concern

“We’re working to make this even better for our customers, and as we have done with location services, any app wishing to access contact data will require explicit user approval in a future software release,” said Apple spokesman Tom Neumayr.

Apple’s announcement was prompted by the actions of concerned US congressmen Henry Waxman and G K Butterfield. The two men sent a letter to Apple CEO Tim Cook demanding to know just how many iOS apps transmit address book information after an incident that emerged last week involving two iPhone app development firms.

Path and Hipster were forced to apologise for uploading address book data without user permission and released updates for their applications which rectified the flaw. Both pledged to review how they handled such information in the future with Hipster going as far as organising an “Application Privacy Summit”. However, fears that these were not isolated cases persisted.

According to reports, many companies, including Twitter, Yelp and Foursquare have since altered the way they ask for address book data.

Over 100 million apps were downloaded from the App Store in 2011, but tests have shown that more than three quarters of applications fail to store user account names securely. Despite this, the security threats on Android are much more serious with Google recently introducing an automated scanning service called Bouncer to monitor the Android Market for potentially malicious apps.