St0rmz

iOS 6 Privacy Button - the big Apple CYA

by nCircle Staff ‎06-19-2012 08:16 AM - edited ‎06-19-2012 08:17 AM

Apple has taken a lot of public hits for their weak data privacy approach for iPhone and for iPhone apps.  

In February we found out that Path was uploading users’ address books to a server without asking for permission.

Later the same month researchers working with the New York Times found third-party developers could access users’ iPhone, iPod Touch or iPad photos after exploiting an iOS location data loophole.

Of course, this has been going on for much longer than that. Late in 2010 the Facebook iPhone app silently uploaded all your contact numbers into Facebook. In 2011 we found out that Apple was storing GPS data on your phone.

The Path disclosure ruffled some Congressional feathers and U.S. Congressmen Waxman and Butterfield sent a letter to Apple asking for a 'clarification' of the company’s data collection policies. Apple soon decided that “any app wishing to access contact data will require explicit user approval in a future software release.”

So, now we have a classic Apple response to these privacy issues. iOS 6 has a new 'permissions' dialog box that asks the user to grant explicit approval to an application that wants to access personal data like contacts and calendars.

Ryan Naraine compared the user experience of this approach to Microsoft's UAC; that seems pretty apt. I don't have any hard data about UAC, but the majority of people I've seen interacting with UAC have one of two responses: either they turn it off or just always click 'OK' without reading the dialog box.

Instead of doing the difficult work of putting together a privacy policy that has some teeth or going after app developers already violating policies, Apple has basically decided to annoy their users by requiring them to click through a dialog box for just about every app on their phone. These dialog boxes are going to be like one of those whack-a-mole games - exactly the kind of thing users despise and ignore completely.

This approach adds no value to Apple users; it's nothing but a CYA for Apple lawyers.

Here's what the dialog box should really say:


[Image: 1.png]

[Image: 2.png]

In reality, that dialog box should say something like "please hit OK now so some company can steal all your personal data and share it with third-party marketing companies and who knows who else."

 

Let's face it, Apple knows full well you would rather be shooting pigs with birds than worrying about your privacy.

 

*Graphics courtesy of our talented graphics guy. Not actual screen shots.

Comments
by jeff_harrell on ‎06-19-2012 09:56 AM

Every time I get a pop up box requesting my permission to do something, I just assume it's asking me if it's ok to steal my data. Since, you know, that's probably what it means.

by metermaid on ‎06-19-2012 11:58 AM

Old School Cell Phone.jpg

 

Life was so much simpler when mobile phones were only meant for phone calls...

by nCircle Staff on ‎06-19-2012 12:08 PM

Apple isn't the only company that has lousy transparency around user privacy, but this is really annoying. I'll bet I'm going to have to click through these boxes every time I update my apps.

 

by nCircle Knowledge Manager 06-19-2012 12:14 PM - edited 06-19-2012 12:17 PM

This is yet another example of the everyday psychological effects of the scale and complexity of the modern computing environment. Right now it seems like there's a lot of collective denial about privacy (and security for that matter). We know there are problems, but since we feel helpless to do anything about them, and we know everyone else is in the same boat, we choose, perhaps implicitly, to ignore the consequences.

 

Until privacy law catches up with technology (and perhaps not even then), the only effective countermeasures are disinformation and booby trapping the data. An example would be to find out the phone numbers of privacy abusers and add them to your contact list under false names. Or do the same thing with major news organizations, the FTC, and members of Congress. Marketers won't want the data if they know it's invalid or may cause undesirable consequences.

by nCircle Exec on ‎06-19-2012 12:51 PM

Just heard that it would take a person a month of time to read through all the license agreements *most* people just click through...

About Andrew Storms

As nCircle's Director of Security Operations, Andrew Storms is responsible for the definition and enforcement of the company's security compliance programs as well as overseeing day-to-day operations for the Information Technology department. Andrew's commentary on IT security issues has appeared in CNBC, Forbes and The New York Times, as well as many other publications. He is a Certified Information Systems Security Professional (CISSP), a member of Infragard and a graduate of the FBI Citizens' Academy.
