June 14, 2018
For years, developers for Apple’s App Store have been able to ask users for access to their phone contacts and then share or sell the data of everyone listed in those digital address books, without their consent. That practice has recently been getting a lot of negative attention, and now Apple plans to ban developers from using that information. The updated Guidelines nixes the creation of databases of address book information collected from iPhone users as well as selling or sharing it with third parties.
Bloomberg reports that, despite the change, Apple didn’t even mention its updated App Store Review Guidelines at its annual developer conference. The topic is timely, given that this kind of database sharing is what got Facebook into trouble with the Cambridge Analytica debacle. Under the new guidelines, an app can’t even “get a user’s contact list, say it’s being used for one thing, and then use it for something else — unless the developer gets consent again.”
After Apple launched the App Store in 2008, developers got “dozens of potential data points” when users installed apps and consented to give access to iPhone contact lists, with their “phone numbers, email addresses and profile photos of family, friends, colleagues and other acquaintances.”
In 2012, “Apple added a way for users to explicitly approve their contacts, photos, location information, and other data being uploaded by developers,” and some — not all — apps, “including Uber and Facebook, let users remove contacts that have been uploaded.” Developers have generated $100 billion since the App Store opened, said Apple.
“They have a huge ecosystem making money through the developer channels and these apps, and until the developers get better on privacy, Apple is complicit,” said Appthority president Domingo Guerra. “When someone shares your info as part of their address book, you have no say in it, and you have no knowledge of it.” Even with the new guidelines, “the company can’t go back and retrieve the data that may have been shared so far.”
Elsewhere, Bloomberg reports that Facebook informed the U.S. Senate that it opened TTC (Trust, Transparency and Control) Labs, an initiative to “work to improve the way people get informed about sharing their personal data.” The initiative, based in Dublin, Ireland, has partnered with “others in academia, design and industry,” and involves more than 60 other organizations. This tidbit of information was found on page 146 of Facebook’s 450-page document in response to 2,000 questions from Congress.