Stealing Your Address Book
John Gruber in response to Dustin Curtis:
I understand that Apple doesn’t want us to be badgered by too many permission-granting alerts, but address book data is sensitive enough to warrant it, in my opinion. Why not treat it like they do location data?
It may seem like a gaffe on Apple’s part at first glance, but I think it’s because address book upload is an edge case that Apple either never saw coming or never thought would be a wide-spead problem. The original intent for the API was to grant the ability to build custom views to navigate address book contacts in an app. Under normal circumstances, asking for permission to view address book data is along the same lines as asking for the music library in a music app (which is another personal data API that can be accessed without alerting the user.)
Put simply, Apple probably never thought about using the address book API as a way to spam your friends about a new social network.
Source: daringfireball.net
2 Notes/ Hide
-
topherchris liked this
-
redcloud liked this
-
jeffrock posted this
