Skip Navigation


Smartphone apps and your address book
Thursday 16 February 2012 12:04:12 by Andrew Ferguson

We all know that we should not go exposing too much information about ourselves via social media apps, but it appears that even those who are careful may have been exposing more than they expected. A number of social media applications including Twitter have when users using a 'scan your contacts to find users on our service' function were not simply scanning the local contacts information, but were uploading it to a remote server for processing, and in Twitters case this address book information is stored for 18 months.

The BBC News article covering this subject, reveals that it appears Twitter may have broken Apple App Store rules in uploading the data, by not obtaining users consent. The problem does not just affect the iPhone, similar issues arise with Android smartphones, though when installing an app you in Android get presented with a long list of parts of the phone the software plans to access.

Assuming app developers quickly move to ensure users are informed of what it is uploading then little damage is likely, but there is a danger that if rules are tightened significantly that users will become used to simply saying Yes to Grant Permission type pop-ups.

So far there are no suggestions that the major app providers like Twitter have abused this address book information, but that it not to say that some applications will not have exploited it. There is the question of how a heavily moderated app store like the Apple one could have let this flaw through its approval processes.

The launch of Barclays Pingit that is a smartphone app that allows money transfers of up to £300 to others who have linked their mobile number with their account, raises the bar in terms of the risk that rogue smartphone applications present. PayPal has been in the smartphone arena for sometime, allowing you to make payments to other PayPal users around the world.

Comments

Posted by otester over 2 years ago
Everyone should use privacy guards which makes apps ask for it.
Posted by momist over 2 years ago
I'm not aware of "privacy guards" available for Android, but agree that this should be a facility available. It has puzzled me why the download of an app triggers agreement to the various access requirements, then there is never any further request necessary when data is to be uploaded.
You must be logged in to post comments. Click here to login.