richi

Smartphone app spyware: It's 2002 all over again

by Administrator on 13-02-2012 11:25 AM - last edited on 13-02-2012 11:25 AM

Yet another smartphone app has been outed secretly copying your personal data. When I last wrote about this, it was Facebook, which takes a copy of your contacts without your permission (on Android, but it does ask your permission on iOS). 

Déjà vu! Anyone remember the spyware stories ten years ago?

This time, it's Path.com's turn to violate your trust. You've probably heard about the controversy, which blew up when Arun Thampi blogged about seeing his address book whiz by on the wire:

I observed a POST request to https://api.path.com/3/contacts/add...my entire address book (including full names, emails and phone numbers) was being sent...to Path.
...
I created a completely new “Path” and repeated the experiment and I got the same result. ... I love Path as an iOS app...but this seems a little creepy. I wonder how many other iOS apps actually do the same.

All this reminds me of the days of spyware. About ten years ago, programs like Gator, Zango, BargainBuddy, and CoolWebSearch got the tech cognoscenti up in arms over their shady activities.

Many spyware companies argued that their programs' license agreements specified that personal information would be collected, and that users had therefore agreed to the practice. However, such 'agreements' were almost always the result of users simply clicking Agree to a dense, multi-page contract.

And, as we all know, nobody ever reads those things.

Back then, the technology community sent a clear message to spyware companies that their activities were simply unacceptable. It's about time we repeated that warning to the fresh-face newbies writing smartphone apps.

It should be noted that Path has since seen the error of its ways and the latest version of the app first asks permission. Good job, but I can't help thinking that app authors prefer to ask forgiveness, rather than permission.

Don't be that guy and wait to be found out. Instead, earn our trust by demonstrating your openness and good faith.

At least when you install Android apps, you're told which special permissions this app requires. That way, you have a fighting chance to spot that the app wants access to your contacts before you blindly click Agree.

No such luck for iOS users: There are no nuances of permission exposed to the iOS user. Apple doesn't believe in sullying the simple and beautiful user experience of installing iOS apps. Or something.
 

Richi Jennings is an independent analyst, specializing in blogging, email, spam, security, and other technology topics. His writing has won American Society of Business Publication Editors and Jesse H. Neal awards. You can encircle him at +richij, follow him as @richi on Twitter, pretend to be his friend at Facebook.com/richij or just use boring old email: io@richij.com.

Labels:
Article Options
Post a Comment
Be sure to enter a unique name. You can't reuse a name that's already in use.
Be sure to enter a unique email address. You can't reuse an email address that's already in use.
 

The HP Input Output site is sponsored by HP and features articles and content from HP and third-party contributors. Third-party articles and content, while paid for by HP, do not necessarily represent the views and opinions of HP. HP does not endorse this content and is not responsible for its accuracy, availability and quality.

Follow Us
Spotlight
The Permissions Your Database Users Really Need (Video) The 16 Linux Shell Commands Every Desktop Linux User Should Know 7 Deadly Sins of Job Searching: Why You Still Don't Have a Job, and How to Get Back on Track 9 Tech Analogies That No Longer Mean Anything To Those Young Whippersnappers
┼ Based on energy, paper and toner savings from regular printer usage. Results may vary.