Using customized labels can help make your holiday cards look more modern and festive. In this article, you will learn how to make a group in your address book for holiday cards and print address labels based on that group in the color and style of your choice, including a photo. Read more
Although we are often skeptical of reports from security companies, a new report today from BitDefender highlighted just how important Apple’s new data isolation privacy initiative is in iOS. Starting with the public release of iOS 6 this fall, users will now be prompted to allow access to apps that want personal data such as contacts, calendars, reminders, and photos. However, until then, BitDefender claimed approximately 18.6-percent of the 65,000 iPhone apps included in its study can still access a user’s address book data, while 41 percent can track location.
“It is worrying stored data encryption on iOS apps is low and location tracking is so prevalent. Without notification of what an app accesses, it is difficult to control what information users give up… “We see a worrying landscape of poor user data encryption, prevalent location tracking and silent, unjustified, Address Book access.”
Apple’s merging of iOS with OS X continues today with our first glimpse at 10.8 Mountain Lion, the next major OS release for Macs. Of course, in the process of bringing the best of both worlds together, some things win out. In the case of Mountain Lion, several apps and features were replaced with their iOS counterparts. Here is everything from past OS X releases that died today at the hand of Apple’s iOS-ifying of Mountain Lion:
The app development world went into a frenzy when social network app Path was caught uploading users’ address book information without asking for permission last week. We already gave our view on the matter, but Forbes reported on a study by University of California at Santa Barbara yesterday that found Cydia apps leaked private data less than apps available on the iTunes App Store.
The group built a tool called PiOS that analyzes iOS apps for private data leaks. It looked at 1,407 free apps: 825 apps from the App Store; and, 526 apps from Cydia’s repository the BigBoss.
The findings indicated 21 percent of the App Store apps tested uploaded a users’ iOS device’s UDID, 4 percent uploaded location information, and .5-percent uploaded users’ address book—like Path did. When it came to the 526 apps tested on the BigBoss repo, only 4 percent leaked users’ UDID, and only one app leaked location and address book data.
Many people are under the impression that third-party apps do the majority of the uploading, but that might not be the case. Perhaps Apple’s new restriction on uploading address book information without permission will help remedy the situation.
You can view the study’s full graph after the break:
Apple responded today to the contacts-sharing issue with a statement indicating it plans to put some form of a setting on contact data that would allow users to control who views the data, similar to the way Apple locks down location data.
“Apps that collect or transmit a user’s contact data without their prior permission are in violation of our guidelines. We’re working to make this even better for our customers, and as we have done with location services, any app wishing to access contact data will require explicit user approval in a future software release.”
Congress became involved and probably motivated the move, but the legislative body is not going to like what it hears.
The problem is that iOS apps not only have access to a user’s contacts database (including addresses and notes), but apps also have full and unencumbered access to everything in the iOS app sandbox, such as pictures, music, movies, calendars, and a host of other data. Any of this content is literally open for developers to freely transmit to their own servers while apps are open.
(note that pictures with geotags will pop up a Location dialog which can be averted in code with some well known tricks)
Moreover, approved apps also have access to the iPhone’s camera and microphone, so apps can also take pictures and make recordings without permission (although, this would be easy to detect by the user with the light from the front camera or red bar during audio). Photos, videos, and audio are transmittable securely or insecurely up to servers that you and Apple do not know about.
To developers, this is no big secret. It is not trivial, but putting that kind of functionality into an app is straightforward and only uses Apple’s publicly available and blessed developer APIs (which means this stuff will not likely be detected by Apple’s App Store approval process).
Obviously, shady developers and even government entities are probably already using such apps to gather information. Therefore, these are some scenarios: