Hacker News new | past | comments | ask | show | jobs | submit login

As an iOS developer, I've been surprised all along that the SDK gives you full access to the address book without asking for permission (like Core Location and the Apple Push Notification Service). I've always thought that would one day change, and I suspect that posts like this and the one about Path will make that happen.



I'm also an iOS developer although I've never needed to use the Address Book API's. I always presumed that some sort of permission was required I'm really surprised it isn't. I actually think this is a bigger privacy concern than location access as not only are you giving away access to your contact details but everyone who has trusted you with theirs.


But we are living in a FaceBook World™. And 'contacts sharing' with companies is completely ubiquitous.

I understand the complaints about all this, but isn't there a massive elephant in the room that everyone has temporarily forgotten?


I can see a good argument in favour of it - of _course_ I want non-apple apps to be able to autocomplete friends names/emails as I start typing them. And of _course_ apps need to be able to send a bunch of data "back home". Making sure that apps don't send the addressbook data from sentence 1 in a data block from sentence 2 is the problem...


The problem is that making a change like requiring authorisation (à la Core Location) for Address Book would cause backwards compatibility hell.


iOS could prompt the user for permission when the contact list is accessed, with temporarily/permanently allow/deny options. If the user says yes, the app gets access, if the user says no, the app gets "spoofed" access, to an empty contact list.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: