Recently, iPhone app ‘Path’ got caught for storing encrypted user data and uploading address books of its users to the server. The developers later apologized. This murky journaling application is not the rare exception. As a matter of fact, stealing data has become an industry standard.
Reputed and widely used apps like Facebook, Twitter,Yelp, Foursquare and even Instagram are the ones sending real names, email ids contact numbers right from the internal address book of your phone. Many of these apps don’t even request for permission before accessing this information while some apps transmits your data over an unsecured HTTP connection making it easier for 3rd parties to intercept.
Facebook uploads your contacts from your address book and also stores them, but it also warns the users about it as they may use the stored contacts to suggest friends to you or others. Twitter’s stand on this issue is not clear. It claims that they do not automatically upload contacts but the “Find Friends” an iOS based app has access to it. As a warning, Twitter lets its users know that they store contacts for as long as 1 and a half year with a view to generate ‘Who To Follow’ suggestions.
One of the most popular photo apps Instagram uploads your contact information as well but it also warns its users before granting the app to use the data. The warning clearly states that with a view to find friends Instagram will send address book data to the instagram server.
On the other hand, developing companies are strongly denying allegations of storing user’s data like Path was doing before getting caught.
Considering the fact that the malpractice of uploading contact information has become a common thing, now it’s high time to ensure that these confidential and private info are not used for any mal-intention.
Update: Apple has confirmed that they will be rolling out an iOS update to fix this issue.
Apps that collect or transmit a user’s contact data without their prior permission are in violation of our guidelines. We’re working to make this even better for our customers, and as we have done with location services, any app wishing to access contact data will require explicit user approval in a future software release.