Earlier this year, Apple came under fire from consumers advocates and Congress after it was discovered that apps, most notably Path, were uploading users’ entire address books to their servers without alerting users or asking for authorization. Path deleted the information, but a pair of U.S. Congressmen sent a letter to Apple asking for information on the company’s data collection policies.
More recently, LinkedIn came under fire for transmitting information from iOS calendar entries back to its servers in plain text.
In the OS X Mountain Lion beta, Apple began requiring apps to get explicit permission to access user’s address book information, and Apple PR said in February that any iOS app “wishing to access contact data will require explicit user approval in a future software release.”
Starting with iOS 6, Apple now requires apps to get explicit user permission before accessing Contacts, Calendars, Reminders, and Photos. From the “Data Privacy” section in Apple’s iOS 6 Release Notes:
In addition to location data, the system now asks the user’s permission before allowing third-party apps to access certain user data, including:
- Photo Library
For contact, calendar, and reminder data, your app needs to be prepared to be denied access to these items and to adjust its behavior accordingly. If the user has not yet been prompted to allow access, the returned structure is valid but contains no records. If the user has denied access, the app receives a NULL value or no data. If the user grants permission to the app, the system subsequently notifies the app that it needs to reload or revert the data.
As the iPhone and iPad have grown in popularity, Apple has come under increasing scrutiny over the privacy practices of both Apple and developers participating in the App Store ecosystem. Last year, Senator Al Franken asked both Apple and Google to require app developers to have “clear and understandable” privacy policies.
Apple later agreed to comply with a new California law requiring links to privacy policies in consistent locations and provide a method for users to report apps that do not comply with privacy requirements.
Congress also got involved over the disclosure of location information to app makers, going so far as to introduce a bill that would force companies to get explicit authorization before disclosing the user’s location to anyone. Apple now asks the iOS users if Location Services should be enabled during the initial setup process.
iOS 6 is currently in beta and is expected to be publicly released this fall.