Last week, it was revealed that photo-sharing mobile application Path uploaded users’ entire address books without permission, and there was substantial public criticism of the company’s actions. After initially dismissing the criticisms, Path CEO Dave Morin apologized in a blog post and announced that the company had deleted the contact information uploaded to its servers and was releasing an updated version of the iPhone app to allow users to opt-in to the address-book upload. The New York Times and Ars Technica discussed the continuing problems with mobile applications’ privacy and security programs, as well as the culture concerning such issues in Silicon Valley.
Now, the Los Angeles Times reports on another privacy scandal concerning users’ address books — this time involving social-networking service Twitter:
Twitter Inc. has acknowledged that after mobile users tap the “Find friends” feature on its smartphone app, the company downloads users’ entire address book, including names, email addresses and phone numbers, and keeps the data on its servers for 18 months. The company also said it plans to update its apps to clarify that user contacts are being transmitted and stored.
As with many online social services, Twitter allows users to look for friends that are also registered users. In the case of Twitter’s iPhone app, users see a screen noting that the service will “Scan your Contacts for people you already know on Twitter.” The short description of the feature does not mention that it also downloads every entry in the address book and stores it.
“Log Data may include information such as your IP address, browser type, the referring domain, pages visited, your mobile carrier, device and application IDs, and search terms,” the policy says. “Other actions, such as interactions with our website, applications and advertisements, may also be included in Log Data.”
In response to questions about the process, Twitter spokeswoman Carolyn Penner said the company is planning an update to the language they use in the mobile app.
The Verge has a technical look at “iOS apps and the address book: who has your data, and how they’re getting it” and how the problem revealed by the Path scandal remains in other mobile applications:
Stated simply: any iOS app has complete access to a large amount of data stored on your iPhone, including your address book and calendar. Any iOS app can, without asking for your permission, upload all of the information stored in your address book to its servers. From there, the app developer can either use it to help find your friends, store it in perpetuity, or do any number of other things with it.
Over the course of the past day, we have been using the method explained by Arun Thampi (who discovered Path’s privacy violation) to investigate several dozen popular iOS apps. Our findings should bring both comfort and concern to any iPhone user — and to be frank the work of doing a similar investigation on Android and other platforms remains to be done. […]
The absolute worst case scenario is an app uploading your address book data without either informing you of its actions or without presenting you with a clear and obvious button that implies what it’s about to do. […]
So far, we have only seen this auto-uploading behavior from apps that a user might reasonably expect to look for friend information. We have yet to find any apps that simply grab and upload address book information for no discernible reason, but unfortunately that doesn’t mean they’re not out there. […]
At this point, it’s important to point out a few things. First, this issue may not be confined strictly to Apple, but Apple is the company that most obviously attempts to curate its app selection in order to protect users. In fact, Apple’s own App Store Guidlines have explicitly forbidden this type of behavior since 2010: […]
There is an interim technical solution that app developers can implement right now, and it involves anonymizing address book information before uploading it. Matt Gemmell goes into great detail on how to use “hashing” to make contact information anonymous yet still viable for social connections. It’s a clever and workable solution, but it still requires buy-in from individual app developers.