Apple has updated its App Store guidelines to bar developers from harvesting data from a user’s friends.
Along with other changes to the review guidelines, the Cupertino tech giant expanded the rules on data sharing and data use. The changes were made after the debut of iOS 12. This particular change was first spotted by Bloomberg.
The quiet revision has closed a loophole that has been taken advantage of for years.
Apps often ask users for access to their device’s contacts list. Previously, these developers would then use that data for marketing or targeting purposes without the explicit permission of the people on that contacts list.
If that sounds familiar, it’s because it’s basically why Facebook came under fire during the Cambridge Analytica data scandal. The political consultancy firm essentially used lax app permissions to harvest data from millions of users without their knowledge.
Apple has criticized the social media juggernaut for the slip-up, as well as how it handles user data more generally. Now, it seems, Apple is following up its words with concrete actions.
As for why this change is so important, one developer gave Bloomberg a worrying summary of the types of data developers could gain access to. “The address book is the Wild West of data,” said the developer, who chose to remain anonymous.
With a simple “OK” response to an app permission request, developers could gain access to names, phone numbers, birth dates, home and work addresses for a user’s various contacts, along with other information. If a photo is attached to a contact, a developer can see that, too. That may be concerning in the post-facial recognition age.
“I am able to instantly transfer all the contacts info into some random server or upload it to Dropbox if I wanted to, the very moment a user says okay to giving contacts permission. Apple doesn’t track it, nor do they know where it went,” the developer told Bloomberg.
In addition to banning data harvesting of a user’s friends list, the updated App Store guidelines also place additional restrictions on how user data may be used. That includes forbidding apps from covertly building “user profiles” from that data.
If a developer gets caught breaking the new guidelines, they can have their app pulled — or could even be permanently banned from the app marketplace.
Of course, while the change is likely to make privacy-conscious users happy — it doesn’t apply retroactively. While Apple has essentially cut off developers from harvesting this data in the future, it cannot delete or revise the data that developers have gathered in the past.
Apple has had a longstanding commitment to protecting its users’ privacy. Often, this places the company at odds with government entities, as well as other tech giants that leverage user data for targeted advertising or marketing purposes.
The Cupertino tech giant also recently banned on-device cryptocurrency mining with another revision to its App Store Review Guidelines.