Hacker News new | ask | show | jobs
by stevenou 5239 days ago
It is super curious why Apple decided to allow apps to access the Address Book freely. I'm releasing an app on the App Store next week and I definitely thought about all the evil things I could do to my users because Apple provides them no protection. And as a developer looking for success on the App Store, it is very tempting.

I once considered the possibility of uploading the entire address book to my servers, too. In fact, I even considered email/sms spamming everyone in those address books with "invitations" from the address book owner to download my app. Of course, I did not end up doing any of that nefarious stuff. Not even uploading the address book for innocent "Add Friends" features. But the fact remains that given the freedom to do so, almost every developer will be, at least, tempted to take advantage of it. Most will.

I honestly don't think Path did anything wrong and I'm sure they kept the information secure on their servers. It's Apple that somehow let this one slip through.
2 comments
eridius 5239 days ago
Your stance seems to boil down to "if Apple doesn't catch you and reject your app, then you've done nothing wrong", which seems preposterous.
link
stevenou 5239 days ago
I think you misunderstand. I think Path did nothing wrong not because they "weren't caught". I'm sure they keep their data secure and they only use it to benefit the user's experience - ergo, nothing wrong. On the other hand, if say, they spammed people's address books, then I would think they are in the wrong. Or if they sold the data, then they are in the wrong. But as far as I can tell, they did nothing bad.

Oh and by "let it slip through," I didn't mean the app itself, but the fact that the SDK requires no authorization from the user for any app to access the address book. Like the author of the article said, it requires it for location. Why on earth doesn't it require it for your contacts? They're arguably much more valuable.

link
rvkennedy 5239 days ago
Perhaps, to Apple, it's really not your data. When you put data on an Apple device, they consider it to belong to Apple. So the appropriate permission was granted when they accepted Path into the App Store. Maybe this is the Apple way of thinking?
link
jjtheblunt 5239 days ago
"When you put data on an Apple device, they consider it to belong to Apple."

What is the basis for that claim?

link
mattgreenrocks 5239 days ago
Inevitably, it ends up being the speaker's dislike of said brand.

Ah, Internet.

link
rvkennedy 5238 days ago
It's a supposition, sorry if thinking about the possibilities upset the fanboys out there.
link