When WhatsApp, LinkedIn, Facebook etc access the iOS/OSX AddressBook, what do they get?

[hotpotato123]

I've been made aware that apps - such as Viber, WhatsApp, Facebook, LinkedIn etc download the entire Address Book. That's how they know who we are connected to.

My question is, when they download my address book, what do they get? Just names and email addresses with telephone numbers -- or do they also get the NOTES section.

It's just that, I'm sure, there are lots of people who are unaware of this risk, and put confidential information in the NOTES section.

Hence, do these App companies even download the NOTES?

 

[C DM]

Well, one thing to clarify there is that apps fist have to ask for permission to connect to something like contacts and the user has to approve that request in order for that to even happen.

 

[hotpotato123]

Well, one thing to clarify there is that apps fist have to ask for permission to connect to something like contacts and the user has to approve that request in order for that to even happen.

Yes, do you read any of the EULA licences? I suspect most people blindly click OK so that they can use the Apps.

It's sickening to think that they download even the Notes. What need do they have to access the Notes? Many users, perhaps unwittingly, put very confidential information in the Address Book Notes. The Apps don't need the Notes to operate their Apps, so this is blatant data harvesting.

Apple should have made a way of Apps getting selective access to the Address Book, only getting those parts that are needed to operate the App, e.g. contacts names and email addresses.

 

[C DM]

Yes, do you read any of the EULA licences? I suspect most people blindly click OK so that they can use the Apps.

It's sickening to think that they download even the Notes. What need do they have to access the Notes? Many users, perhaps unwittingly, put very confidential information in the Address Book Notes. The Apps don't need the Notes to operate their Apps, so this is blatant data harvesting.

Apple should have made a way of Apps getting selective access to the Address Book, only getting those parts that are needed to operate the App, e.g. contacts names and email addresses.

People are free to select what they want. In most cases it doesn't affect their use of the app/service.

As for the notes part, it seems that you are asking about it, and yet also saying that it's how it works--then why the question if you seem to know how it works?

 

[Phil A.]

The notes field is available to apps you grant contacts access to, but whether individual apps read it or not is something only the developers would know

if it's something that bothers you, either don't give access to contacts to third party apps or don't store confidential information in insecure locations

 

[DCIFRTHS]

I've been made aware that apps - such as Viber, WhatsApp, Facebook, LinkedIn etc download the entire Address Book. That's how they know who we are connected to.

My question is, when they download my address book, what do they get? Just names and email addresses with telephone numbers -- or do they also get the NOTES section.

It's just that, I'm sure, there are lots of people who are unaware of this risk, and put confidential information in the NOTES section.

Hence, do these App companies even download the NOTES?

Just curious: What kind of private information would go in the Notes section? Things like birthdays, children, SS numbers or PIN numbers? Serious question - no sarcasm intended.

 

[hotpotato123]

Just curious: What kind of private information would go in the Notes section? Things like birthdays, children, SS numbers or PIN numbers? Serious question - no sarcasm intended.

It's only recently that it dawned on me that the contents of the Address Book was being freely shared around, as a consequence of using popular Apps.

There was a time I did not know -- and I think many simple users are in that state of being unaware.

The notes section was at useful places to make notes about the particular person. e.g. credit card details, bank account details if payments were to be made to a friend, birth dates etc. Very serious information that pertained to that person, and I didn't realise all that could be divulged to third parties, simply by wanting to use popular Apps.

Maybe for people who frequent a Mac forum, that's obvious, but there was a time I had no idea. And there's lots of people, who aren't computer savvy, who are unaware of what they're giving over when they simply want to use a popular App to communicate with their friends who use the same App.

Of course, now, I've removed all that sort of info from my Notes -- but maybe it's too late.

 

[simon lefisch]

Not saying you should do this, but your better off storing info like credit cards/etc in the Notes app since it can be secured by passcode/Touch ID and it is not accessed by the Contacts app. I would NEVER use the notes section of the Contacts app to store CC/bank account info.

 

[C DM]

It's only recently that it dawned on me that the contents of the Address Book was being freely shared around, as a consequence of using popular Apps.

There was a time I did not know -- and I think many simple users are in that state of being unaware.

The notes section was at useful places to make notes about the particular person. e.g. credit card details, bank account details if payments were to be made to a friend, birth dates etc. Very serious information that pertained to that person, and I didn't realise all that could be divulged to third parties, simply by wanting to use popular Apps.

Maybe for people who frequent a Mac forum, that's obvious, but there was a time I had no idea. And there's lots of people, who aren't computer savvy, who are unaware of what they're giving over when they simply want to use a popular App to communicate with their friends who use the same App.

Of course, now, I've removed all that sort of info from my Notes -- but maybe it's too late.

Apps have been asking for permission to access/use contacts, among other things on the device, for quite some time now. There really ain't something to not know as you are clearly prompted for permission and have to make a decision. Denying that permission generally didn't stop one from using many apps.

 

[JT2002TJ]

I think those debating the original poster are missing the point. Granting access to contacts, should be a tiered approach, controlled by apple. Something like this:

Grant access to Contacts (the rest are greyed out until this is on)
Grant access to Names (default to off)
Grant access to Phone (default to off)
Grant access to Address (default to off)
Grant access to Birthday (default to off)
Grant access to Notes (default to off)

This should be within each apps menu within settings. This should be the only way an app should be able to access contacts.

It shouldn't simply be all or nothing, giving apps full access when allowed.

 

[DCIFRTHS]

I think those debating the original poster are missing the point. Granting access to contacts, should be a tiered approach, controlled by apple. Something like this:

Grant access to Contacts (the rest are greyed out until this is on)
Grant access to Names (default to off)
Grant access to Phone (default to off)
Grant access to Address (default to off)
Grant access to Birthday (default to off)
Grant access to Notes (default to off)

This should be within each apps menu within settings. This should be the only way an app should be able to access contacts.

It shouldn't simply be all or nothing, giving apps full access when allowed.

Ideally, this would be the way to go.

 

[C DM]

I think those debating the original poster are missing the point. Granting access to contacts, should be a tiered approach, controlled by apple. Something like this:

Grant access to Contacts (the rest are greyed out until this is on)
Grant access to Names (default to off)
Grant access to Phone (default to off)
Grant access to Address (default to off)
Grant access to Birthday (default to off)
Grant access to Notes (default to off)

This should be within each apps menu within settings. This should be the only way an app should be able to access contacts.

It shouldn't simply be all or nothing, giving apps full access when allowed.

While more options and controls would be a nice thing, in the overall sense, from a typical user side of things, something like that could be seen as somewhat of a more negative user experience where users are overwhelmed with more options and information than they typically would be willing to put up with (keyword there being typical).

More as an observation and a sidenote than anything else, when it comes to this kind of thing on a platform like Android, which is known to be more customizable and configurable, placing much more into user's hands, something like this doesn't quite exist there either (as far as I recall), and, in fact, has actually been worse than that for quite a while where separate permissions for different things (like contacts, photos, microphone, etc.) couldn't even be granted/modified as all of them were bundled together and had to be granted at the time of app installation, otherwise an app couldn't even be installed.

 

[JT2002TJ]

While more options and controls would be a nice thing, in the overall sense, from a typical user side of things, something like that could be seen as somewhat of a more negative user experience where users are overwhelmed with more options and information than they typically would be willing to put up with (keyword there being typical).

It was acceptable in the beginning. But when the iphone first came out, we (as a society) were not storing as much personal data in our phones. We now have reached a point where our phones contain more personal data about us, and our loved ones than anything else. It is time to put "negative user experience" after security of data. But, if you insist, default all the sub options to "on" and allow the user to shut off what is or isn't allowed.

Shoot... start with making it a universal option were a user selects it once in the OS, and each app has the option to access information made available during this setting or not. This should hold app development/iOS development over until it can be made down to the app level.

 

[C DM]

It was acceptable in the beginning. But when the iphone first came out, we (as a society) were not storing as much personal data in our phones. We now have reached a point where our phones contain more personal data about us, and our loved ones than anything else. It is time to put "negative user experience" after security of data. But, if you insist, default all the sub options to "on" and allow the user to shut off what is or isn't allowed.

Shoot... start with making it a universal option were a user selects it once in the OS, and each app has the option to access information made available during this setting or not. This should hold app development/iOS development over until it can be made down to the app level.

Like I mentioned, I personally agree with more controls pretty much for everything. But that doesn't quite seem to be the approach when it comes to typical users, especially in iOS that tries to simplify things (and it seems even in more customizable and open environment like Android). Perhaps/hopefully that will change at some point.

 

[KALLT]

Apple’s developer documentation has a list of properties that developers can fetch for each contact.
https://developer.apple.com/library...ndex.html#//apple_ref/occ/cl/CNMutableContact

Before iOS 9, there was another framework. You can find the properties under ‘Constants’. https://developer.apple.com/library...ook/Reference/ABPersonRef_iPhoneOS/index.html

Assume that all data points are accessible.

 

[crashnburn]

Apple’s developer documentation has a list of properties that developers can fetch for each contact.
https://developer.apple.com/library...ndex.html#//apple_ref/occ/cl/CNMutableContact

Before iOS 9, there was another framework. You can find the properties under ‘Constants’. https://developer.apple.com/library...ook/Reference/ABPersonRef_iPhoneOS/index.html

Assume that all data points are accessible.

Great research.