Re: Epic Fail
"A hacker could simply write their own ios application. Plenty of apps have slipped through the net - look at the recent spate of apps that were surreptitiously downloading entire contact lists without Apple knowing."
Not requiring user permission for apps to access Address Book or Calendar was certainly a security hole that needed to be fixed, but I’m not convinced that those apps 'slipped through the net' - for the simple virtue that Apple didn’t require developers to *explicitly* ask for user permission for an app to access that data. Apple might have argued said such behaviour went against its guidelines, but developers could simply bury this in its T&Cs.
It’s obvious if an app didn’t make it crystal clear that such data was being accessed - rather than developers getting one over Apple, I think it was more a case of the company being overly sanguine about this issue.
I think a better example of this kind of thing would be the stock checking app by Charlie Miller (which was referenced by another poster_ http://www.theregister.co.uk/2011/11/08/apple_excommunicates_charlie_miller/