Cupertino to ban permissionless address book copying
Apple – arguably a villain in the “Path copies your address book” brouhaha – has, under pressure from US lawmakers, decided to require that apps prompt users before accessing their address book data. According to Reuters, the decision came after members of the US House Energy and Commerce committee asked Apple to provide the …
The simple answer is to uninstall them.
The more complicated answer is to completely replace your whole phone software
Try LBE Privacy Guard for apps that do. I've been using it for a while (mainly to stop Facebook cracking on my CM9 HP Touchpad, that requires GPS (TP doesn't have TP)). Allows a lot of fine grained control over it. Works very well!
Some apps DO require contact list access to work properly (backup apps being the main one that springs to mind), but most don't but a lot do request it. Amazing that Apple allowed apps access to this in the first place without specific reasons from the developer. Amazing that people feel safe in their walled garden. I know my contact list is shared with Google (am aware, but don't really like), I can stop other apps accessing it, but it seems in the 'Walled Garden' no one knows who's had access... Could any game have been installed that requires your contact list without notifying you... Amazing....
I've never trusted LBE Privacy Guard
I just can't bring myself to install a PRIVACY app originating from China...
Re: I've never trusted LBE Privacy Guard
What could possibly go wrong? It's not like you need to grant it root access or anything....
So, where are the judges? Where are the cops? Where is the friggin FBI?
In most of the World taking personal data from a computing device and using/sending it without the owner's permission/knowledge is a serious offence or a crime. We have been watching this kind of crap happening very often lately, be it by Apple, Google, MS, and lots of other companies, with said companies getting a slap on the wrist at most. This situation, IMHO, proves two things:
- Law enforcement and the court system have a soft spot for big companies, the bigger the company, the softer the spot. Acts that would have landed an individual in jail for several years are paid for by infringing companies with a fine that is usually peanuts compared with the earnings they made committing the offence, and nobody ever goes to prison. There are examples of this not only in IT, but also on Big Pharma, Banking, Big Media...
- Law enforcement and the justice system's role nowadays is to protect a privileged few from the unprivileged majority of citizens. Every major player in the game -politicians, media, industry... - looks the other way, regardless of the harm done to Society as a whole.
This can't go on forever, and has to end somehow. Hence the icon :-(
Re: So, where are the judges? Where are the cops? Where is the friggin FBI?
The problem isn't the big companies, those usually warn or ask you for permission before doing this.
Eg the Facebook app shows a big notice about this if you ask it to sync your phone book. Twitter only sent your contacts when you choose to find friends.
The problem was with apps from smaller companies/startups who didn't.
However I believe none of the apps mentioned had any actual bad intentions with the data, it just made it easy to add contacts - every social network recommends people you may know.
The whole issue was overblown because one of the companies, Path, is funded by the startup fund Crunchfund and a small group of journo hacks had a grudge with them. In response, another group of hacks with interests in Crunchfund went into "save face" mode by accusing everyone else.
So there isn't much more to this story than two groups of journalists with deeply vested interests battling it out.
That's what's actually very wrong in all this, journalists with vested interests. But who can stop them?
"an incestuous investor-blogger culture in Silicon Valley."
No! Who would have suspected that?
Whatever next, rumours of insider trading in the City?
Vault, vault, vault
At least 3 or 4 times here in theregister I bitched and moaned about our address books being plundered. Right from the start Google could have and SHOULD HAVE built vaults around every address book entry and firewalled off our contacts. But, no, they DID do harm by unilaterally allowing it, or by cowering to industry and law enforcement. (Maybe all that bitching is why my phone keyboard lags and why I suspect I am being keystroked by multiple parties.....)
Now do something for Android
Yes the permission system is transparent for the most part, but when I was using LBE Privacy Guard I uninstalled Facebook app for this very reason. An update came one day and since then the FB app was requesting access to my address book on an hourly basis at all times when I wasn't running it.
I guess most users, like I did, assume that when an app requests permission to access contacts, they think it's so you can merge with your offline address book. I don't recall anything about raiding the address book for those offline contacts to upload to their servers.
The permission system needs fixing, and like another commentard already floated the idea; the address book should be sealed off, it should only allow injection of contacts and ask for specific uploads.
Re: Now do something for Android
Hmm... but what about GoSMS that has to read the phone number and name of every contact in order to show those details against the SMSs and allow you to pick recipients? Or K9Mail that needs the email and name of every contact so that it can autocomplete email addresses as you type?
A better idea is for LBE to be baked in to Android and drop the "all-or-nothing" approach when installing from the market, and permission escalation requests should have a short description on what they're doing with the data.
Every app will need to be designed so that if they want something denied to them, they gracefully fail.
Agreed - I've written apps for Android and there's no reason why a resource such as the address book or net connection can't be checked for access and then requested if it's not available.
If permission isn't given, then fail gracefully. If it is given, then remember it for next time (or allow it to be remembered) this sort of thing would be needed often enough it would be worth Android having an API to handle the request box and a 'remember this' tick box on a per-app basis automatically.
Internet and GPS may be turned off or unavailable on a phone at anytime, so developers are doing this anyway, just extend it for every permission. It'll make for more robust software.
Re: Re: Now do something for Android
"Hmm... but what about GoSMS that has to read the phone number and name of every contact in order to show those details against the SMSs and allow you to pick recipients? Or K9Mail that needs the email and name of every contact so that it can autocomplete email addresses as you type?"
LBE allows/denies access to contact list, data connection etc on an app by app basis.
So you could allow GoSMS access to your contact list while denying every other app, and deny GoSMS a data connection (so it can read the list, but can't send it anywhere...)
see this
http://www.mercurynews.com/business/ci_19974171?source=most_viewed
Some of this may be redundant..
Who owns the data?
My email address is on my mate's iPad. It is there because I implicitly allow him to send emails to me. However, that address is MY private data. I object to Apple allowing any app to suck it up for any purpose. I don't want emails from the app writers nor whoever they have sold the list of illicit data to. I think it is time for the UK gov to start a class action on my behalf and sue Apple for say £1Trillion. That should fix the budget deficit nicely thank you.
Re: Who owns the data?
"class action"? Wrong legal system, wrong country. You need to start reading and watching British media to find out where you live and its systems, like lots of twits on here who purport to be British, but write as if they live under American laws.
Re: Who owns the data?
Under current UK data protection law I believe your mate is responsible. Tell him he owes you a pint!
Re: Re: Who owns the data?
Er, Class Actions are possible in the UK, I was part of one against RBS for misselling. The only difference is that in the UK, the "Class" of claimants has to form itself and each has to opt-in. In the US a body (government, State or even big law firms) can take action on behalf of the group without having to identify all claimants. MAYBE before you flame, you could check Wikipedia...
Re: Who owns the data?
That was the first problem that entered my mind when I was reading about Twitter fessing up to doing it on BBC News. It doesn't matter what I do to protect my phone from having its information stolen, there will be some computer illiterate friend who has my name, phone number, email address, postal address, birthday, etc stored in one place and one of these 'reputable' companies will come along and slurp up my details.
Twitter has just said sorry about doing it. Will they really prove how sorry they are by deleting all the data they stole? I'm not holding my breath.
Re: Re: Re: Who owns the data?
'MAYBE before you flame, you could check Wikipedia...'
Really?
Re: Re: Who owns the data?
""class action"? Wrong legal system, wrong country. You need to start reading and watching British media to find out where you live"
His friend could very easily live in the US, as the alleged crime occurred there a class action would be done there.
Re: Re: Re: Who owns the data?
Wikipedia? Are you serious that that is your legal reference?
Anyway, you seem to support AC after a fashion: it is significantly different from USA law, as one should expect. So, he is to a large extent right: check your own nationality rather than that of the most recent television show or report.
Comprehension
He suggests the UK government explicitly.
Naming and shaming
“Privacy law is a waste of space, since it doesn’t protect privacy; public outrage is our only protection”, Clarke said.
This would appear to apply to the Foxconn workforce, too. (http://www.theregister.co.uk/2012/02/13/apple_fla_inspection/) The inspections may come to nothing, but they certainly wouldn't be happening if Apple hadn't been brow-beaten over the last year or so.
Re: Naming and shaming
Yes, but only Apple seems to get the heat each time. People complain now, but Apple may soon become the one and only tech company who does respect their workforce and user privacy.
Good for Apple users but what about the rest?
Re: Re: Naming and shaming
"Yes, but only Apple seems to get the heat each time"
They know that everyone else just copies Apple anyway so it saves them time.
Whether it's iOS or Android...
Anything using "private" data (GPS, contacts, SMS database, etc) should have to request permissions for each item individually, not in an "all or nothing" approach. You should be able to e.g. block GPS from FaceBook but keep it for Twitter if you so wish, without having to opt to not install any particular app.
The problem you end up having is you can have a request saying "Allow app access to address book?" with a "Yes" or "No" but then you need to ensure you have the "Remember this for next time?" checkbox, as well as a way to revoke these permissions at a later date if you foolishly opt in to giving your data to FaceBook now but then want it taken away in future...
And then you get another problem. If I revoke permissions on the app on my phone, I want that communicated back to FaceBook so that they delete all the data they have slurped previously. How long before that actually starts happening? Or will they insist that once you have provided that data, tough?
Re: Whether it's iOS or Android...
I think annoying popups are just the price of privacy and those who are too lazy to pay ought not to dictate the way things work. A workaround would be to ask on initialisation of the phone whether you want to be asked every time whilst being pointed to where you can change the settings at any time. iOS, for example, allows notifications to be configured on an app by app basis and I'm sure this could be extended to access.
As things stand I am beginning to wonder which OS to choose for my next phone since Apple don't have a permission model for everything and have proved they don't vet apps, and Google permissions model is so all-or-nothing it seems designed to force you to hand permissions to the kitchen sink for any app you install.
Re: Whether it's iOS or Android...
"Anything using "private" data (GPS, contacts, SMS database, etc) should have to request permissions for each item individually, not in an "all or nothing" approach. You should be able to e.g. block GPS from FaceBook but keep it for Twitter if you so wish, without having to opt to not install any particular app.
The problem you end up having is you can have a request saying "Allow app access to address book?" with a "Yes" or "No" but then you need to ensure you have the "Remember this for next time?" checkbox,"
LBE Privacy guard (Android) ticks all of those boxes.
You can block location requests, phone identification details (IMEI), contact list, data connection access etc etc. Also lets you know when an app is trying to access something and you can deny it once, or tick the little box to deny from that point on - dead easy.
Not associated with LBE in any way, just a satisfied customer...
Re: Re: Wind: Whether it's iOS or Android...
Can LBE Privacy Guard be installed on *any* android phone straight out of the box, and work with immediate effect, or do you need to root it first (i.e. is it an all-users or a techie-users approach)?
If you need to root the phone to get this kind of functionality, then Android is as bad as iOS. I'm sure if you jailbreak you can find something on the cydia store to enforce similar permissions, but this stuff needs to be baked in to the operating system!
And it still doesn't allow you to revoke permissions and have all previously captured data deleted...
