The iOS Address Book Controversy, and How Apple Is [NOT] Fixing It

by Thomas Brady


Blogs and news sites lit up last week announcing “[App X] uploads your address book to their servers!” It’s a longer list than any of us had hoped, but many of us were not surprised.

It all started when developer Arun Thampi, who was tinkering at making a desktop Path client, blogged “I noticed that my entire address book (including full names, emails and phone numbers) was being sent as a plist to Path”.

Path, the social networking app, was uploading the user’s address book to their servers. Path made a poor attempt at an explanation — the data was uploaded to enable a “find your friends” feature, and eventually Path formally apologized and released an update that tells the user exactly what it’s doing and allows opt-out.

In all this kerfuffle, many wondered why Apple allowed this to happen, and discussed methods to prevent this sort of thing from happening. Today, All Things Digital’s John Paczkowski reports, Apple has publicly stated that a future version of iOS will, as many suggested, prompt the user before an app attempts to access the address book, much the way the user is prompted before an app can access location data or subscribe the user to notifications in the current iOS.

This is great, but it’s not going to fix the problem.

Imagine that this Path fiasco happened after this change the iOS had been implemented — for instance, imagine iOS had always prompted the user for access to the address book.

  1. User launches Path.
  2. User or Path initiates “find-a-friend” feature.
  3. Path asks the user, “Is it okay if I access your address book, to see if any of your friends are using Path?”
  4. User says “Sure!”
  5. Path now uploads your address book to their server.

Did the user know what they were agreeing to? Are we supposed to rely on the developer to honestly and responsibly ask, “May I upload your data?” That sounds like a broken system that isn’t very different from the one we have currently. There’s no way to prevent developers from uploading contact data via API lockout. You could, as Marco Arment suggested in Build & Analyze episode 63, only allow access to a single contact at a time, much the way the camera roll image picker currently works, but then you’ve prevent the developer from implementing a friend discovery features. Maybe that wouldn’t be so bad.

So maybe that’s what’s happening here. If that’s the case, Apple will have prevented developers from uploading your address book easily, but not from uploading each contact you give it permission to touch.