Apple was warned as long ago as 2010 that the popular Gowalla location-sharing iPhone app was uploading users’ address books without alerting them, Technology Review has learned.
This raises questions about why Apple didn’t do then what it announced it would do yesterday. In a statement, the company said software upgrades for iPhones would be issued to protect users from the practice, which Apple’s own App Store rules already forbid.
Apple’s statements follow a series of revelations over the past week concerning apps that access users’ address books. The revelations began when an independent developer discovered that the two-million-user-strong social network Path collects users’ address books, assembling vast collections of names, e-mails, and phone numbers without consent. Others found that some other popular apps, including the location-sharing services Foursquare and Gowalla, do the same. Transmitting and storing users’ address books exposes them to an increased risk of their personal data being leaked, perhaps through an attack like the one that extracted credit-card details from Sony last year.
The criticism that followed these discoveries—compounded by evidence that Apple ignored a warning about such behavior from academic researchers in 2010—has led to calls for the company to alter iOS and reform its famously opaque application approval process.
In the longer term, all smart-phone operating systems may need more effective privacy controls to better explain what personal data they collect, and to let users opt out. Google’s Android mobile operating system already requires apps to receive explicit permission to access contact books or other private data, but app makers do not need to explain how that information will be stored or used, and many users seem not to fully understand what they are handing over.
In 2010, graduate student Manuel Egele and colleagues at the University of California, Santa Barbara, used a tool called PiOS to scan 1,400 iPhone applications for signs that they leaked sensitive user data. PiOS flagged Gowalla’s app because it stealthily uploaded a user’s entire address book to the company’s servers when a user viewed his or her list of phone contacts through the app.
That was a clear breach of user privacy, and of Apple’s own rules for inclusion in the App Store, says Egele, now a postdoctoral researcher at UCSB. But when Apple was contacted about it, a series of representatives showed little interest, he says. “We even took screenshots that showed it was being sent unencrypted,” he says. “They said, ‘If you have a privacy concern, you should contact the developer.’” Egele and colleagues presented a peer-reviewed paper on the work, including an account of their Gowalla finding, last year.
Apple did not reply to inquiries about the 2010 incident. But its first public statement on the address-book saga, made yesterday, implied that it had only just become aware of the issue.