All your contacts are belong to us: What apps are uploading your address book and why

address bookBy now you’ve undoubtedly heard about the great Path disaster: the social iOS app was found to be pulling and storing users’ entire contact lists without proper permission. After Path was put through the ringer, apologized, and thus subject to our still-simmering frustration, we found that it wasn’t the only offender. Hipster was also doing this, and Instagram quietly slid a new contacts permission prompt into its update.

So at this point, eyebrows everywhere are raised, and we’re all wondering which iOS apps are guilty of grabbing and storing our address books without notification.

Who’s doing it

In addition to previously mentioned apps, Twitter is also taking your contacts list without permission. The site admits that its iOS app pulls this information via the “Find Friends” tool and then stores it for 18 months.

Yelp only uses the contacts permissions screen the first time you use this part of the application, and moving forward does not.

Foursquare has also come clean, and already pushed an update that includes a fix. Foodspotting is planning to address its current practices, which not only includes pulling your contact list but sends a text version over an unencrypted HTTP connection to its servers (although it told VentureBeat it doesn’t store this information).

There are also quite a few apps that aren’t terribly clear about what they are doing when they access your address book. The fixes we’ve seen from Path, Instagram, and fellow offenders are explicit warnings about what’s happening. Some others are lagging behind, and haven’t cleared things up yet — meaning they are ripe for criticism and fall out if they are taking more than users think they are.

Tumblr currently has a feature that finds bloggers from your contact list, although there’s no permissions prompt explaining whether or not this information is being sent to Tumblr’s servers. New video filter platform Viddy is the same way, with just an application that says “Scan my address book.”

Why they do it

Given how quickly these companies are to apologize and push updates, they must have known they were toeing a line here. It’s not like it’s impossible to allow users to connect with one another by accessing their address books without sending and storing that data — it’s very possible. Making this information untraceable, and not using plain text would solve the problem, but developers have been doing it anyway.

But the data wars are only beginning, and anyone who uses the Internet knows how valuable the stuff has become. At the same time, your average social networking user has become much more Web savvy, and there’s a little more reading between the privacy policies going on. So everyone’s evolving in this sort of cat-and-mouse game: apps find a new way to leverage and keep our data without offended anyone, we catch on, they fix, and the cycle continues. 

Hashing (as very thoroughly explained by developer Matt Gemmell here) is a system where you can make this information anonymous so that accessing the contact list is still possible but apps aren’t able to use the data for their own means. It is, however, more work and an extra step to add to a developer’s already very long to-do list. So you can chalk part of the “why” up to fixing bugs, working on updates, the next big feature, finally getting around to that WP7 app — things fall by the wayside. It’s not an excuse, but it is a reason. 

There’s also the fact that they just… can. Apple hasn’t stepped up to the plate and said a word about any of this, even though its API is the one that’s been allowing this to go on. There are prompts for other data-sensitive features (allowing an app to use your location, or send you push notifications), so why wouldn’t Apple issue one for its apps accessing similarly personal content? It would take care of everything. Congress has sent a letter to the company questioning it all. “This incident raises questions about whether Apple’s iOS app developer policies and practices may fall short when it comes to protecting the information of iPhone users and their contacts.” 

Apple is the one who should police developers, not users. In most of these cases, we’re inclined to say that these apps weren’t plotting some evil monetization or spamming scheme based on your contact information — things “slip through the cracks” and being that there weren’t any hard and fast rules about this issue, it was liable to slip. But that means they have to deal with the consequences.

It’s okay to get mad

And the consequences are many. Really, the angry villager thing Path had to sit through was unfair (seeing as it’s far from the only guilty party), and the trickle-down effect splitting the entire tech pundit industry in two has elevated it all to a new level. But whether or not Apple is to blame or developers should be raked over the coals, one thing is for sure: users are more than allowed to be mad.

The outrage may have taken on a life of its own, but it’s been effective. Apps that haven’t landed themselves in hot water have changed their contact permissions policies to avoid the scrutiny, and those that have been caught are issuing updates quickly. Holding developers accountable worked. Now you can debate the extent to which some were “held accountable,” but we’d argue that the ends justify the means. Path will more than recover, the tech media community will find something else to fight about, and we’ll wait to see if Apple steps up to the plate and requires a new address book permission screen. 

[Update: That was quick. Some minutes after posting Apple responded to the drama. A spokesman tells AllThingsD

“Apps that collect or transmit a user’s contact data without their prior permission are in violation of our guidelines. We’re working to make this even better for our customers, and as we have done with location services, any app wishing to access contact data will require explicit user approval in a future software release.”]

Wearables

10 top features you should be using on your Apple Watch

The Apple Watch can do more than just tell you the time, but you may not be aware of all the different functions it has. Our list of the 10 most often used functions and features will help you understand what it can really do.
Gaming

Xbox app lets you access your console while away from home. Here's how

Microsoft's Xbox allows you to access your profile information and launch media content directly from your mobile device. Check out our quick guide on how to connect your smartphone to an Xbox One.
Mobile

How to jailbreak your iPhone on iOS 12: A beginner’s guide

The latest jailbreaking tools for iOS 12 make freeing your iOS device easier than ever. This guide will teach you how to jailbreak your iPhone or iPad, and explain what jailbreaking will do for you.
Mobile

Having trouble logging in? Here's how to reset your Apple ID password

To use any of Apple's services, you need to have an Apple ID and know your password. Thankfully, there are ways to deal with forgotten passwords and regain access to your account. Here's how to reset your Apple ID password.
Mobile

Text up a storm with the best messaging apps for iOS and Android

These days, most people tend to favor digital messages over phone calls. We have the best messaging apps that allow you to share photos and documents, send text messages, and more with end-to-end encryption.
Apple

Want a MacBook that will last all day on a single charge? Check these models out

Battery life is one of the most important factors in buying any laptop, especially MacBooks. Their battery life is typically average, but there are some standouts. Knowing which MacBook has the best battery life can be rather useful.
Product Review

Controversy has dogged the MacBook Pro lately. Is it still a good purchase?

The MacBook Pro is a controversial laptop these days -- and that's unfortunate. Due to some divisive changes Apple made to the functionality of the MacBook Pro, fans are more split. Does the 8th-gen refresh change that?
Mobile

The best iPhone 6 cases for style and protection

No one likes a bruised Apple. Scratches, scuffs, and cracks on a new iPhone 6 are enough to ruin anyone’s day. Check out the best iPhone 6 cases and get some protection on that shiny new smartphone.
Mobile

Is 5G as fast as they’re saying? We break down the speeds

We take a look at the kinds of speeds you can expect from 5G when the networks roll out. Find out 5G compares to the last generation of network technology, what the minimum and maximum speeds will be, and what it means for us.
Mobile

Tizen 4 arriving on Samsung’s Gear S3 and Gear Sport smartwatches

Samsung is updating the Gear S3 Classic, Gear S3 Frontier, and the Gear Sport to the newest version of Tizen 4. Along with of some little tweaks to usability and quality-of-life, Samsung has added some new features.
Mobile

Mobvoi’s TicWatch E2 and S2 are the most affordable Wear OS smartwatches yet

Quality smartwatches don't have to be expensive, and Mobvoi's TicWatch is the proud paladin of that philosophy. Mobvoi's new TicWatch S2 and are both available for low prices from Amazon and Mobvoi's website.
Deals

Save up to $950 with the best smartphone deals for January 2019

Need a better phone but don't want to spend a fortune? It's never a bad time to score a new smartphone and save some cash. We rounded up the best smartphone deals available that can save you as much as $950.
Mobile

Apple Pay coming to more top U.S. stores, including Target and Taco Bell

Apple Pay is the best way to pay on your iPhone and Apple Watch. Apple Pay support is being rolled out across the U.S. for a variety of top retailers, including Taco Bell, Target, Hy-Vee, and more.
Mobile

The 2020 iPhones may only use OLED displays and Intel 5G modems

While some reports hinted that Apple was looking to move away from using Intel tech, a new report suggests the exact opposite. Reportedly, Apple has chosen Intel to supply 5G modems for Apple's first 5G-enabled iPhone, due in 2020.