|Apple’s iOS massive security problem: Contacts uploading is just the tip of the iceberg. Apps can upload all your photos, calendars or record conversations|
Seth Weintraub Apple Inc Discussion (40)
February 15, 2012 at 12:32 pm
Apple responded today to the contacts-sharing issue with a statement indicating it plans to put some form of a setting on contact data that would allow users to control who views the data, similar to the way Apple locks down location data.
“Apps that collect or transmit a user’s contact data without their prior permission are in violation of our guidelines. We’re working to make this even better for our customers, and as we have done with location services, any app wishing to access contact data will require explicit user approval in a future software release.”
Congress became involved and probably motivated the move, but the legislative body is not going to like what it hears.
The problem is that iOS apps not only have access to a user’s contacts database (including addresses and notes), but apps also have full and unencumbered access to everything in the iOS app sandbox, such as pictures, music, movies, calendars, and a host of other data. Any of this content is literally open for developers to freely transmit to their own servers while apps are open.
(note that pictures with geotags will pop up a Location dialog which can be averted in code with some well known tricks)
Moreover, approved apps also have access to the iPhone’s camera and microphone, so apps can also take pictures and make recordings without permission (although, this would be easy to detect by the user with the light from the front camera or red bar during audio). Photos, videos, and audio are transmittable securely or insecurely up to servers that you and Apple do not know about.
To developers, this is no big secret. It is not trivial, but putting that kind of functionality into an app is straightforward and only uses Apple’s publicly available and blessed developer APIs (which means this stuff will not likely be detected by Apple’s App Store approval process).
Obviously, shady developers and even government entities are probably already using such apps to gather information. Therefore, these are some scenarios:
A Spam marketing firm creates a free fart/flashlight app that—while using it—sucks up your complete contact address book and shoots it over the net to their servers securely.
A shady government creates a free photo app that automatically uploads any pictures geotagged in a particular area to their servers for free intelligence gathering. That also means users are traceable by picture-taking without location services toggled on.
Some important points to note:
Apps can only spy and slurp down your information when they are open. Just installing an app does not let this happen.
Obviously, most developers would never consider doing something like this, and most companies would never try to do this either, because word getting out would destroy them immediately. However, there are many developers out there, and it is trivial to get on Apple’s development platform.
Apps like Path were busted because it was transmitting data via SSL, but granting it a fake SSL certificate (Ed. Thanks commenter) actually let the developer watch the data as it is transmits. However, if data is encrypted without SSL, security experts and Apple cannot really see what is transferring securely, so it is harder to ferret out nasty applications
This is not specifically an iOS problem. Any desktop application can suck up data and send it to a server somewhere far away (including email). Android handles this a little differently: If an app wants access contacts, it asks permission upon installation. Most people do not look at this, but the onus is on the user to approve access. So, that is protection in name only.
What can Apple do about this?
There is not an easy answer. Obviously Apple plans to add a Location type control in Settings for contacts, but it cannot do that for /everything/.
If Apple decides it has to block access to these features, it would almost instantly break many apps that are not doing anything illegal.
Apple, in an upcoming release, could institute controls for everything meaning you would have to expressly give all apps individual permission to access location, contacts, camera, photos, etc.
In other words, opening Facebook would take 10 minutes.
It will be interesting to see what Apple does.