Apple [AAPL] is in the spotlight once again this week for what appear to be lax policing of its apps, specifically for allowing apps to steal iPhone user's personal information -- including Contacts information -- without any permission whatsoever, though the company says it will end this practise.
[ABOVE: "You're really well connected," says Apple. So now are Twitter, Facebook and who knows who else?]
I worry about iTunes
I've said before that I worry about iTunes. There's a certain hypocrisy to the position that a service which variously chooses to:
- police political dissent;
- deny the notion that some adults like adult content;
- and even censors rude words from music you already own...
..is also prepared to allow giant, unaccountable corporations to seize your data without permission or control. That's behavior I feel undermines the company's attempts to prove itself a friend of the people.
Companies are sometimes a little like people. People know that when you grow up there often comes a point at which you find yourself beset with all kinds of unforeseen consequences for actions you took when you were young. It's a sign of maturity, and with a market cap in excess of Exxon, it's clear Apple has hit this difficult age.
The story in brief
So, what's been happening? In its briefest sense, apps have been accessing and sharing user's address books without permission. That's why your Facebook friends list includes all those phone numbers you never agreed to share. Similar behavior has been found in apps from Twitter, Foursquare, Foodspotting and Path. You as a user are not offered the chance to opt out of sharing such data.
The controversy is such that two members of the US House Energy and Commerce committee have requested that Apple provides more information about its privacy policies.
"This incident raises questions about whether Apple's iOS app developer policies and practices may fall short when it comes to protecting the information of iPhone users and their contacts," the letter states.
"How many iOS apps in the US iTunes Store transmit information from the address book?" they said. "How many of those ask for the user's consent before transmitting their contacts' information?"
Tip of an iceberg?
The problem seems huge. Developer Dustin Curtis describes its magnitude: "I did a quick survey of 15 developers of popular iOS apps, and 13 of them told me they have a contacts database with millions of records. One company's database has Mark Zuckerberg's cell phone number, Larry Ellison's home phone number and Bill Gates' cell phone number. This data is not meant to be public, and people have an expectation of privacy with respect to their contacts."
Faced with yet another furore, Apple has responded -- and, as per usual, has done so with a promise to put together new systems to protect user privacy.
"Apps that collect or transmit a user's contact data without their prior permission are in violation of our guidelines," said an Apple spokesman.
"We're working to make this even better for our customers, and as we have done with location services, any app wishing to access contact data will require explicit user approval in a future software release."
Be warned: the problem extends beyond contacts. iOS apps can also access anything else in the OS sandbox, including pictures, calendars and other data -- even the camera.
Demand complete commitment
This means Apple must go further than delivering a permission-based system for contact data, it will have to ensure users have easily understood control over any data an app may wish to grab.
And it needs to figure out how to achieve this without diluting or over-complicating the iOS experience. Potentially each user would have access to a webpage on which they could review which apps have been given what permission to share what data, when that data was last accessed, and where it went.
Privacy is important. Respect for it shouldn't be something that requires controversy to achieve, it should be deep inside the company's DNA. That level of commitment makes absolute sense for competitive reasons, too.
Offering complete control over what information is shared, who it is shared with, and what usage you allow is made of your data by those firms you choose to share that data with isn't a luxury item but a potential feature.
Apple's iOS platform would be even more attractive if it promised complete privacy to users, particularly in an era when every major company wants as much of your personal data as they can get, without barrier, permission and free of any silvery-chrome restraint. Apple is a mature entity now and must decide whose benefit it exists for: for its own? For its partners? Or its customers?
Don't be evil, Apple.
Got a story? Drop me a line via Twitter or in comments below and let me know. I'd like it if you chose to follow me on Twitter so I can let you know when these items are published here first on Computerworld.