Skip to main content

18.6-percent of apps still collecting address book data ahead of Apple’s iOS 6 data isolation privacy initiative

Although we are often skeptical of reports from security companies, a new report today from BitDefender highlighted just how important Apple’s new data isolation privacy initiative is in iOS. Starting with the public release of iOS 6 this fall, users will now be prompted to allow access to apps that want personal data such as contacts, calendars, reminders, and photos. However, until then, BitDefender claimed approximately 18.6-percent of the 65,000 iPhone apps included in its study can still access a user’s address book data, while 41 percent can track location.

Even more troubling is that only 57.5-percent of apps encrypt that cropped private data. MobileEntertainment (via COM) quoted BitDefender Chief Security Researcher Catalin Casoi:

“It is worrying stored data encryption on iOS apps is low and location tracking is so prevalent. Without notification of what an app accesses, it is difficult to control what information users give up… “We see a worrying landscape of poor user data encryption, prevalent location tracking and silent, unjustified, Address Book access.”

In related news, BitDefender’s iOS tool for detecting these apps called Clueful was recently removed by Apple from the App Store. The app had been available since May, and the issue of apps collecting data without user permission clearly still exists, but its unclear why Apple decided to remove the Clueful app. BitDefender mentioned on its blog that it’s looking into the issue.

After an outcry from various consumer groups and government bodies, Apple promised earlier this year to implement stricter privacy controls and notifications for app developers requesting private user data. Apple will now do so as part of its data isolation privacy initiative in iOS 6. Many apps, like Path and Instagram, already implemented warnings for users on its own. However, in a recent beta, Apple described the changes coming to iOS 6:

According to the “Security” section of the release notes:

In iOS 6, the system now protects Calendars, Reminders, Contacts, and Photos as part of Apple’s data isolation privacy initiative.

Users will see access dialogs when an app tries to access any of those data types. The user can switch access on and off in Settings > Privacy.

There are APIs available to allow developers to set a “purpose” string that is displayed to users to help them understand why their data is being requested.

There are changes to the EventKit and Address Book frameworks to help developers with this feature..

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

Author

Avatar for Jordan Kahn Jordan Kahn

Jordan writes about all things Apple as Senior Editor of 9to5Mac, & contributes to 9to5Google, 9to5Toys, & Electrek.co. He also co-authors 9to5Mac’s Logic Pros series.