(picture from Gizmodo)
Android's marketplace is growing at an alarming rate, and while it's great to see so many enthusiastic developers submitting their ideas to the market, it's really disturbing to also see that privacy violations in both Android's and Apple's marketplace are getting way out of hand. Sure, this is a problem that Google is aware of, but combating it seems to have even the best engineers and security experts scratching their heads when it comes to apps that violate user privacy. Unfortunately, some recent new discoveries show that companies aren't being nearly responsible enough protecting private data from being harvested in the marketplace, including big names like Facebook and Twitter.
On February 8th, a Singapore based software developer named Arun Thampi reported he discovered an iPhone app from Path had uploaded his ENTIRE address book to its servers without even asking for his permission. The CEO of Path responded by saying that "the use of this information is limited to improving the quality of friend suggestions when you use the 'Add Friends' feature and to notify you when one of your contacts joins Path," but admitted that "we now understand that the way we had designed our 'Add Friends' feature was wrong." The company has since then modified the app to ask permission, but would they have ever done that had this flaw not been discovered and brought to the attention of the public? How many entire address books did they manage to store before "realizing their design feature was wrong“? A pathetic excuse if you ask me. OF COURSE you need to ask permission to upload someones complete address book to your servers. Common. (their official "apology" can be viewed here).
Ever heard of a little app called Foursquare? I'm sure you probably have. Well you might be a bit dissappointed to learn that Foursquare was found to be "uploading all of the e-mail addresses and phone numbers in your address book with no warning and no explicit consent given,". What about Twitter and Facebook? Also uploading your entire address book to their servers. A Twitter representative responded that "after mobile users tap the 'Find friends' feature on its smartphone app, the company downloads users' entire address book, including email addresses and phone numbers, and keeps the data on its servers for 18 months." Apps from Twitter and Facebook were apparently uploading address book information, after asking or warning users, but apparently Twitter is now apologizing to users for not letting them know that they are actually storing it for months (or years apparently). UNACCEPTABLE.
These most recent discoveries indicate that specific apps that a lot of people use (millions actually) are storing users complete phone books without permission of the user. This is a double dose of "that's messed up!“, as not only the privacy of the owner of the phone is being compromised, but also everyone in the owners phone book as well.
What makes this a complex issue is the fact that it's not only Google and Apple directly that we have to only worry about to protect our data, but the thousands of app developers creating apps for them. The Android market and IOS App store combined have a total of almost 1 million apps, and Apple's app store alone has had over 15 billion downloads, with the Android market following at around 10 billion downoads. That's a combined 25 BILLION downloads. Over 3 times more than the Earth's population. With that many apps downloaded, the question arises: Just how safe are the apps that we use, and how dangerous could they actually be when it comes to our personal data? Let's look at a few
I don't know about you guys, but to me this is complete BS, and the problem is that doing this is becoming a common practice. Blogger Dustin Curtis performed a survey and discovered that 13 out of 15 IOS developers of apps with a "find friends" feature admitted that they also uploaded user contacts to servers without consent. 13 of 15?? WOW. Dustin went on to say that "One company's database has Mark Zuckerberg's cellphone number, Larry Ellison's home phone number and Bill Gates' cellphone number." Apple took no action to prevent it until Tim Cook was actually sent a letter from United States House Representatives, which is funny because it completely violates Apples company rules in doing this. It has now been fixed, and Apple reports that "any app wishing to access contact data will require explicit user approval in a future software release." It only took 15 BILLION downloads for you to make this "rule“? Get outta here. Google is in the exact same boat, and also needs to make this A LOT more clear to developers using Android, as this is getting out of hand.
Maybe you think I'm overreacting? Well, everyone is of course entitled to their opinion. But for me personally, I don't think it's too much for you to FREAKIN ASK ME before uploading my entire contact book to your servers. I'm all for a digital future, and I'm all for making information as accessible as possible, but let's not forget a little thing called common courtesy. If I walk into Google or Apple's offices and over to the reception drawer, open it, pull out their ENTIRE CONTACTS documents, and then walk out of the building without even asking anyone (even if I asked, they still wouldn't hand it over), I would probably get thrown UNDER the jail. Hell, if I would walk in my next door neighbors house and take his contact book from the coffee table I would get properly punished for it.
Funny that app developers and social companies can do the exact same thing with no one to answer to.....
Source: Mercury News