All your contacts are belong to us: What apps are uploading your address book and why

address bookBy now you’ve undoubtedly heard about the great Path disaster: the social iOS app was found to be pulling and storing users’ entire contact lists without proper permission. After Path was put through the ringer, apologized, and thus subject to our still-simmering frustration, we found that it wasn’t the only offender. Hipster was also doing this, and Instagram quietly slid a new contacts permission prompt into its update.

So at this point, eyebrows everywhere are raised, and we’re all wondering which iOS apps are guilty of grabbing and storing our address books without notification.

Who’s doing it

In addition to previously mentioned apps, Twitter is also taking your contacts list without permission. The site admits that its iOS app pulls this information via the “Find Friends” tool and then stores it for 18 months.

Yelp only uses the contacts permissions screen the first time you use this part of the application, and moving forward does not.

Foursquare has also come clean, and already pushed an update that includes a fix. Foodspotting is planning to address its current practices, which not only includes pulling your contact list but sends a text version over an unencrypted HTTP connection to its servers (although it told VentureBeat it doesn’t store this information).

There are also quite a few apps that aren’t terribly clear about what they are doing when they access your address book. The fixes we’ve seen from Path, Instagram, and fellow offenders are explicit warnings about what’s happening. Some others are lagging behind, and haven’t cleared things up yet — meaning they are ripe for criticism and fall out if they are taking more than users think they are.

Tumblr currently has a feature that finds bloggers from your contact list, although there’s no permissions prompt explaining whether or not this information is being sent to Tumblr’s servers. New video filter platform Viddy is the same way, with just an application that says “Scan my address book.”

Why they do it

Given how quickly these companies are to apologize and push updates, they must have known they were toeing a line here. It’s not like it’s impossible to allow users to connect with one another by accessing their address books without sending and storing that data — it’s very possible. Making this information untraceable, and not using plain text would solve the problem, but developers have been doing it anyway.

But the data wars are only beginning, and anyone who uses the Internet knows how valuable the stuff has become. At the same time, your average social networking user has become much more Web savvy, and there’s a little more reading between the privacy policies going on. So everyone’s evolving in this sort of cat-and-mouse game: apps find a new way to leverage and keep our data without offended anyone, we catch on, they fix, and the cycle continues. 

Hashing (as very thoroughly explained by developer Matt Gemmell here) is a system where you can make this information anonymous so that accessing the contact list is still possible but apps aren’t able to use the data for their own means. It is, however, more work and an extra step to add to a developer’s already very long to-do list. So you can chalk part of the “why” up to fixing bugs, working on updates, the next big feature, finally getting around to that WP7 app — things fall by the wayside. It’s not an excuse, but it is a reason. 

There’s also the fact that they just… can. Apple hasn’t stepped up to the plate and said a word about any of this, even though its API is the one that’s been allowing this to go on. There are prompts for other data-sensitive features (allowing an app to use your location, or send you push notifications), so why wouldn’t Apple issue one for its apps accessing similarly personal content? It would take care of everything. Congress has sent a letter to the company questioning it all. “This incident raises questions about whether Apple’s iOS app developer policies and practices may fall short when it comes to protecting the information of iPhone users and their contacts.” 

Apple is the one who should police developers, not users. In most of these cases, we’re inclined to say that these apps weren’t plotting some evil monetization or spamming scheme based on your contact information — things “slip through the cracks” and being that there weren’t any hard and fast rules about this issue, it was liable to slip. But that means they have to deal with the consequences.

It’s okay to get mad

And the consequences are many. Really, the angry villager thing Path had to sit through was unfair (seeing as it’s far from the only guilty party), and the trickle-down effect splitting the entire tech pundit industry in two has elevated it all to a new level. But whether or not Apple is to blame or developers should be raked over the coals, one thing is for sure: users are more than allowed to be mad.

The outrage may have taken on a life of its own, but it’s been effective. Apps that haven’t landed themselves in hot water have changed their contact permissions policies to avoid the scrutiny, and those that have been caught are issuing updates quickly. Holding developers accountable worked. Now you can debate the extent to which some were “held accountable,” but we’d argue that the ends justify the means. Path will more than recover, the tech media community will find something else to fight about, and we’ll wait to see if Apple steps up to the plate and requires a new address book permission screen. 

[Update: That was quick. Some minutes after posting Apple responded to the drama. A spokesman tells AllThingsD

“Apps that collect or transmit a user’s contact data without their prior permission are in violation of our guidelines. We’re working to make this even better for our customers, and as we have done with location services, any app wishing to access contact data will require explicit user approval in a future software release.”]

Home Theater

TV calibration 101: Here's how to tune up the picture of your new TV

You’ve got your new TV out of the box, but now what? Our TV picture adjustment guide takes you through the simple steps to get the best picture from your brand new TV so you can set it and forget it.
Mobile

How to downgrade your iPhone or iPad from iOS 12 to iOS 11.4

Apple's iOS 12 may be the latest and greatest version of the mobile operating system, but perhaps it's not right for you right now. If that is the case, thankfully there are some ways to go back to iOS 11.4.
Mobile

iOS 12 is now available -- here's how to install it on your Apple device

Apple unveiled iOS 12 at this year's WWDC and it's now ready for everyone. Here's how to install iOS 12 on an iPhone, iPad, or iPod Touch using your device's settings or with iTunes on your computer.
Computing

How to easily record your laptop screen with apps you already have

Learning how to record your computer screen shouldn't be a challenge. Lucky for you, our comprehensive guide lays out how to do so using a host of methods, including both free and premium utilities, in both MacOS and Windows 10.
Mobile

Not sure about updating to iOS 12? Here are five reasons why you should

If you’re on the fence about whether to install iOS 12 or not, allow us to explain why the update is worthwhile. Here are five of our favorite features from Apple’s mobile platform.
Mobile

Google Maps is available on Apple CarPlay with iOS 12

After months of betas, the final version of iOS 12 is here to download. The new OS comes along with tons of new capabilities from grouped notifications to Siri Shortcuts, here are all the features you'll find in iOS 12.
Mobile

Updating to Apple’s iOS 12 will make your iPhone a whole lot smarter

iOS 12, the latest version of Apple’s iOS, is officially here. We took it for a spin to check out its new noteworthy features, and if it truly changes our smartphone habits for the better.
Mobile

Find out how Apple's new iPhones measure up to the most bezel-less designs

As the smartphone industry marches toward a bezel-less future, we compare the shrinking bezels on the latest and greatest devices. Find out which manufacturers have the smallest bezels on their smartphone as we measure them side by side.
Mobile

iOS 12's Siri Shortcuts help Apple close the digital assistant gap

Siri may be lagging behind the competition, but Apple is finally supercharging the digital assistant with Siri Shortcuts, which allows you to perform tasks quickly and easily. Here's how to use iOS 12's new Siri Shortcuts app.
Mobile

Apple iPhone XS vs. Samsung Galaxy S9: 2018’s biggest flagships clash

The iPhone XS has been revealed, and it's one of the best phones of the year. But even though it's Apple's latest and greatest, it's up against a lot of competition. Is the iPhone XS better than the Samsung Galaxy S9?
Mobile

The best weather apps for the iPhone

Don't rely solely on your local meteorologist to stay up to date on the weather. Take matters into your own hands with one of these weather apps, each of which brings something unique to the table.
Mobile

Be an online phantom and web surf safely with Ghostery’s mobile browser

Keeping your private information to yourself has become progressively harder in the internet age. If you're worried about your personal information, check out the new version of the Ghostery browser for iOS and Android.
Mobile

Code found in iOS 12.1 beta suggests we will see a new iPad this fall

The new iPhone XS, iPhone XR, and Apple Watch aren't the last devices we'll see from Apple in 2018. There are plenty of rumors about a new iPad coming this year too, and it may share some design similarities with the new phones.
Wearables

Fitbit Versa vs. Apple Watch Series 4: Which wearable is the best?

Smartwatches are the health-conscious wearables that everyone wants. We wanted to see how the brand-new Apple Watch Series 4 matches up with the beloved Fitbit Versa, so we compared them in various categories to help you choose.