A recent blog by Dustin Curtis claims that iOS apps can access and upload a user’s contacts from the address book, without any explicit permission. While Apple does safeguard almost all local data on the iOS device, from images and video to location data, the report notes that Apple has “not placed any protections on address book in iOS.”
Dustin Curtis also claims to have done a “quick survey” of “15 developers of popular iOS apps,” and 13 supposedly admitted having large databases with millions of user contacts.
The post reads on:
"One company's database has Mark Zuckerberg's cell phone number, Larry Ellison's home phone number and Bill Gates' cell phone number. This data is not meant to be public, and people have an expectation of privacy with respect to their contacts."
If true, Apple should already know what’s going on, as it approves the guilty iOS apps, with ability to shunt user data on iOS devices to a remote server, without explicit permission. As ZDNet’s Jason D. O’Grady notes, this would mean Apple is violating its own Address Book policy in its Terms of Service, listed below:
17.1: Apps cannot transmit data about a user without obtaining the user’s prior permission and providing the user with access to information about how and where the data will be used
17.2: Apps that require users to share personal information, such as email address and date of birth, in order to function will be rejected