Apple, already seen as a privacy champion, needs to do more

“Apple Inc. has positioned itself as the champion of privacy. Even as Facebook Inc. and Google track our moves around the internet for advertisers’ benefit, Apple has trumpeted its noble decision to avoid that business model,” Sarah Frier writes for Bloomberg. “When Facebook became embroiled in a scandal over data leaked by an app developer, Apple Chief Executive Officer Tim Cook said he wouldn’t ever be in such a situation. He framed Apple’s stance as a moral one. Privacy is a human right, he said. ‘We never move off of our values,’ he told NPR in June.”

“The campaign is working, as evidenced by media reports depicting Apple as hero to Facebook’s villain. But that marketing coup masks an underlying problem: The world’s most valuable company has some of the same security problems as the other tech giants when it comes to apps,” Frier writes. “It has, in effect, abdicated responsibility for possible misuse of data, leaving it in the hands of the independent developers who create the products available in its App Store.”

“For years iPhone app developers have been allowed to store and sell data from users who allow access to their contact lists, which, in addition to phone numbers, may include other people’s photos and home addresses,” Frier writes. “According to some security experts, the Notes section — where people sometimes list Social Security numbers for their spouses or children or the entry codes for their apartment buildings — is particularly sensitive. In July, Apple added a rule to its contract with app makers banning the storage and sale of such data… When developers get our information, and that of the acquaintances in our contacts list, it’s theirs to use and move around unseen by Apple. It can be sold to data brokers, shared with political campaigns, or posted on the internet. The new rule forbids that, but Apple does nothing to make it technically difficult for developers to harvest the information.”

“Apple has built in two direct consumer controls: one, when you agree to share your contact information with the developer; and the other, when you toggle the switch in your settings to deny that permission. But neither is as simple as it seems. The first gives developers access to everything you’ve stored about everyone you know, more than just their phone numbers, and without their permission. The second is deceptive. Turning off sharing only blocks the developer from continued access — it doesn’t delete data already collected,” Frier writes. “Google’s Android phones have the same problem… But Google hasn’t built its public profile on promises of being a superior steward of our data.

Read more in the full article here.

MacDailyNews Take: Apple is not going to be able to reach into developers’ drives and delete info they’ve already amassed.

That bit of obviousness out of the way, Apple needs to make a simple revision to their Contacts app so that all contacts are encrypted, secure, and unshared by default while giving users the ability to easily stipulate which contacts — and, for further granularity, what contact info — can be shared with developers. That’s not even a particularly difficult bit of coding.

Obviously, this should have been done many years ago, before the data left so many users’ silos, but, going forward, this could button up this rather glaring privacy hole and make Apple even more of a privacy champion.

[Thanks to MacDailyNews Readers “Judge Bork” and “Brawndo Drinker” for the heads up.]