Apple's iPhone Privacy Headache

Apple Inc. (Nasdaq: AAPL) is allowing developers more access to user data than ever before with applications on the 3G iPhone, and that's already leading to privacy concerns as users find their address book and other personal data plundered by unscrupulous software developers.

The main problem stems from the way that third-party applications downloaded onto the phone via Apple's App Store have access to the contact lists stored on an iPhone. Some users have already been sent unsolicited messages by third-party developers that have "spammed" contact lists.

The most notable offenders so far are social networking site Loopt Inc. , and the developers of role-playing game Aurora Feint. Loopt sent unsolicited invitations to join its service but has reportedly stopped, while the Aurora Feint crew sent contact information unencrypted back to their servers and were kicked off the App Store for a time. "Aurora Feint's problem with Apple was fixed and the game is back on the iPhone," a representative for the game's developers told Unstrung via email on Wednesday.

"Yes, you have access to the contact list, which is great," explains Justin Davies, CTO and founder of U.K.-based mobile social networking software firm Ninetyten. "But I think that developers should warn the users before they access information... There have already have been a couple of developers that have gone too far."

Davies says Apple's App Store lies somewhere between a truly open software download site and the strict rules enforced by smartphone rival Symbian Ltd. , which, Davies notes, can "slow time to market" for new mobile applications.

He also wonders aloud if Apple even has the "infrastructure" in place to do stricter testing on software submitted for the App Store, and suggests the firm may wish to add "another security layer" to the system to protect users. "It is definitely a learning curve for Apple," he opines.

Some of the privacy burden, however, will likely fall on third-party developers, particularly if systems do become more open with the advent of mobile broadband networks. Some developers say they're already rising to the challenge.

"We are not like Loopt," Bobby Gurvinder Singh, co-founder and CEO of mobile blogging software firm CellSpin tells Unstrung. He describes using the Apple platform to send out unsolicited invitations as "very intrusive." "We believe you should be able to make everything private," Singh says. He adds that CellSpin has set up its software, which allows users to send text, audio, visuals, and video from their phones to sites, so that content can be kept private or simply shared with friends and family.

Such privacy concerns become even more pronounced as the iPhone expands beyond consumer environments into the enterprise. "If validated, the implications could be significant and damaging for enterprise," says analyst Carmi Levy at AR Communications Inc. "The last thing any IT decision maker wants is for a mobile platform – or any platform, for that matter – to contain weaknesses that allow anyone with a modicum of skill to harvest confidential data from the device."

Levy adds: "As Apple continues to try to convince the world that the iPhone works well in an enterprise context, it’ll need to decisively address any concerns over security weaknesses that allow these kinds of incursions to occur. For all of Apple’s success in turning the iPhone into this year’s must-have consumer device, business customers are a much tougher lot. If there is any doubt about Apple’s ability to identify and close security loopholes, the iPhone will forever remain a consumer-only device."

Ninetyten's Davies neatly summarizes the likely view of many business device users: "I'd be pretty pissed off if an application just scooped up my contact list with all my business contacts."

Unstrung called and emailed Apple for clarification on its iPhone third-party application privacy policies and any updates on allowing software vendors access to user data, but a response is still forthcoming.

— Dan Jones, Site Editor, Unstrung

[email protected] 12/5/2012 | 3:35:30 PM
re: Apple's iPhone Privacy Headache To be clear, Gǣunsolicited invitationsGǥ were never sent by Loopt. Invitations to join Loopt are always initiated by end users, _never_ Loopt itself. What this article actually refers to is that the initial version of our iPhone app 'auto-selected' certain contacts to make it easier for users to send friend invites to people in their personal contact lists. The application indicated the selected contacts, including a counter, and each user pressed a "Send" button to initiate their invitation messages. However, we received feedback that the original user interface design was confusing, and addressed it promptly (in a matter of days). Second, it is very easy to permanently stop receiving Loopt friend invitations from other people by replying to any such text message with STOP, END, CANCEL, UNSUBSCRIBE, or QUIT. Our usersG privacy has always been a top priority for Loopt, and that mission continues to this day. To learn more visit: http://www.loopt.com/about/pri... Cheers, Brian Knapp, Chief Privacy Officer, Loopt, Inc. [email protected]
asanyal 12/5/2012 | 3:35:30 PM
re: Apple's iPhone Privacy Headache My name is Amanda and I work with Loopt. The concerns raised in this article have been addressed by in the latest version of the App. For more information visit: http://loopt.typepad.com/loopt...
Sign In