I admit, it's rare that the Security Clan Editor needs to hold Apple mobile devices up to scrutiny. Unlike Android apps, the apps sold in the Apple app store -- try saying that fast -- are subject to review before being released into the wild.
Sure, the possibility of "jailbreaking" the iPhone means it's not necessarily a closed operating system, and people can find ways to download unapproved and possibly malicious apps. We've also seen that a skilled hacker was able to plant a sleeper rogue app in the store.
But other than the allegations last spring of location tracking, Apple's mobile devices seem to have led a charmed life. Until now. According to a New York Times report, your iPhone, iPad, and iPod might be leaking like sieves, allowing apps to scavenge photos and location information, as well as address books.
Two weeks ago, Times reporters revealed that address books could be copied from smartphones by app developers without the owner's permission or knowledge. Wrong-footed, Apple insisted that its rules for developers expressly prohibited the practice, but it seemed unable to explain why apps that steal addresses had nevertheless been approved for sale.
Indeed, it seems that dozens of popular iOS apps, including Yelp, Twitter, and -- surprise! -- Facebook, have been collecting addresses and storing them on their own services, in a practice that has been described as an "unspoken industry standard." Few ask permission before doing so. FourSquare and Instagram added permission prompts only after the practice was exposed.
But addresses, it seems, may be the tip of the iceberg. Accepting an iOS prompt that asks permission to access location data can also allow copying of private photo and video libraries, the Times said yesterday. Because these devices often save coordinate information along with photos, it might also be possible to put together a user's location history, as well as recording current location.
Apparently in an attempt to make photo apps more efficient, access to private photos has been available since the fourth version was released in 2010. With the revelation that many apps were contravening Apple's rules against address-book scouring, suspicions are raised that apps that exploit the photo/video access floor may not have been excluded from the app store.
Given the steady stream of private photos of celebrities leaked online, there must be concern that this flaw could be contributing to intrusive privacy breaches. Apple has yet to comment.
The problem is clearly twofold. First, these incidents suggest that, although Apple moves quickly to fix security problems once they're disclosed, screening of apps prior to release may not be as stringent as once thought. Second -- and this is really the root of many problems discussed here -- there's the absolute lack of sensitivity to user privacy displayed by many high-profile Internet enterprises.
If it doesn't even occur to Facebook or Yelp or FourSquare -- or any of the other usual suspects -- that taking someone's address book without permission might be unethical, we can safely assume that, if they know about the photo flaw, they've been exploiting that, too.
Innocent until proven guilty, of course, but don't be surprised to find some of these businesses standing in line with creepy hackers to flick through your albums.
I completely agree - the watchers need to be able to know what is happening, and be able and motivated to stop abuses - thats why the corporate veil is such an obstacle. If the watchmen are the companies themselves, the issues are reduced greatly. The only way to get monitoring to work is to give the corporation intrinsic motives - which is why laws and liability are the only way to address most of these issues.
Interesting point, David. Indeed, while we may raise our eyebrows and cause a bit of a fuss, to some degree we rather expect tech companies to invade user privacy -- but we also expect privacy safeguards to work. Indeed, the PR fallout could be a lot worse for the watchmen than the do-badders depending upon the situation.
The word that scares me most aobut your post is "caught" - the incentives are all wrong. Any companies don't have any real worry about being caught breaking the law - it's a minor inconvenience and a fine less than they made from the illegal act, typically. Apple, perhaps, could track who exploited these bugs, but they would only be publicizing the vulnerability in their system. Who else can find out? The people running and montoring the system are the ones who will lose credibility if they find that anything occurred - so will anyone ever investigate? I assume not.
Some of the dots need to be joined up, Joe. We know that several major Internet companies have been using a similar flaw to take address books. We know that the photo/video breach is viable. I don't think we yet know whether it has been exploited, or by whom.
When I read the New York Times article about this, I was very concerned. It's creepy to think of appmakers potentially accessing and looking through private photos, and there would no doubt threaten to be serious legal implications for any companies caught doing so without user permission.
David, that seems entirely reasonable. The FTC settlement with Facebook promises some very significant fines in the event of a breach; what will it take for the FTC to find a breach?
It is heartening to see that there are people who can have a profit motive, and still be able to make the assessment that, long term, promoting consumer rights is a business advantage. Consumer Reports has long been a fantastic resource for just that type of work, and I'm happy to know that they are working on our behalf.
The ThinkerNet does not reflect the views of TechWeb. The ThinkerNet is an informal means of communication to members and visitors of the Internet Evolution site. Individual authors are chosen by Internet Evolution to blog. Neither Internet Evolution nor TechWeb assume responsibility for comments, claims, or opinions made by authors and ThinkerNet bloggers. They are no substitute for your own research and should not be relied upon for trading or any other purpose.
Edward Snowden was so convinced that the Prism program involved secretive surveillance through Internet backdoors that he walked out on his job and his girlfriend, spoke to the media, and resigned himself to jail, or worse. It turns out, he might just be wrong.
In one of the nastiest -- not to mention large scale and long-term -- hacking exploits yet to be reported, it appears that the Chinese army has been rummaging through the data of those who have served in the US Armed Forces.
ASA Risk Consultants added its voice this week to the slowly growing chorus of voices demanding a coordinated international response to cyberattacks. In a research note circulated by IDG, ASA asserts that "nations will need to come to an agreement on how cyber warfare should be handled."
Extending existing US wiretap laws to give federal agencies easier backdoor access to Internet communications -- especially real-time P2P services like VoIP -- will give, not only aid and comfort, but also technical assistance, to the country's enemies. Not to mention cyberthieves.
Law enforcement agencies are poised to use iPhones as facial recognition systems in the coming months. The technical advance promises efficiency but has created a backlash among civil liberties proponents.
The Murdoch/News International scandal has all the elements of the digital age, from phone-hacking through embarrassing emails to agile digital reporting.
The Internet has changed the way that companies market products. Now "Likes" and thumbs up carry a lot of weight. So perhaps it's not surprising that a black market technique has emerged whereby some Websites offer to boost ratings in exchange for cash.
M2M is a hot acronym, but maybe it should stand for "Mine-to-Mine" because our appliances exist in a zone of personal information. Managing cooperation of the devices within this zone will allow us to create value and understand and mitigate the security risks they pose.
The US government is funding controversial projects to collect daily Internet activity, including Web searches, Twitter messages, Facebook and blog posts, and the digital location trails generated by billions of cellphones. Its goal is to map these interactions to predict social behavior, such as protests.
With more and more executives relying on mobile devices to complete their work, mobile device management has become as popular as traditional IT management solutions.
Big-data and analytics tools enable marketers to understand customers as individuals, identifying unmet needs and addressing each customer as a "segment of one," says John Kennedy, VP corporate marketing, IBM.
New York's Metropolitan Transit Authority is conducting a pilot test of digital kiosks to guide subway users to where they want to go more efficiently and at lower cost.
The whole Amazon.reader debate is a double-stupid. It's stupid to think that there's any e-book buyer who doesn't know Amazon's URL, and it was stupider to let ICANN launch the whole free-form TLD initiative to start with.
While NFC's original goal was to enhance mobile commerce applications, it is finding its way into a number of other uses, which is creating both opportunity as well as challenges for IT departments.
Enterprises would like to move to cloud computing but are hesitant because they are concerned about providers’ ability to secure company data. Here are some tips that help to ensure that if breaches occur, the business is not left holding the bag.
Edmunds separates customers into segments based on the info it collects on its site and from partners, and uses that to push out custom content, said Brian Baron, director of business analytics for Edmunds.com, at Predictive Analytics Innovation Summit.
The IBM Smarter Commerce Global Summit in Monaco kicked into high gear today, and we've already begun to see news emerging from that lovely city-state by the sea.
Expert Integrated Systems: Changing the Experience & Economics of IT In this e-book, we take an in-depth look at these expert integrated systems -- what they are, how they work, and how they have the potential to help CIOs achieve dramatic savings while restoring IT's role as business innovator. READ THIS eBOOK
your weekly update of news, analysis, and
opinion from Internet Evolution - FREE! REGISTER HERE
Wanted! Site Moderators Internet Evolution is looking for a handful of readers to help moderate the message boards on our site – as well as engaging in high-IQ conversation with the industry mavens on our thinkerNet blogosphere. The job comes with various perks, bags of kudos, and GIANT bragging rights. Interested?
To save this item to your list of favorite Internet Evolution content so you can find it later in your Profile page, click the "Save It" button next to the item.
Email This
