Details are finally starting to trickle out about how various iOS apps use the address book data on your phone. The Verge and Venture Beat both have good article on the subject. What they’re finding is nowhere near the 13/15 ratio that Dustin Curtis reported last week but Curtis has also said:
Second, for obvious reasons, I promised the developers I reached out to that I would never reveal who they are. Many of them have, since last week, changed their practices.
What I like about The Verge and VB articles is that they both end with Apple’s role in all this. In a future release, Apple should make sure that rogue parties can’t do stuff like this. If you’re going to have a store where every app has to be approved for the good of the end users and the integrity of the system, this is *exactly* the type of thing they should be concerned with.
Update: Insider did some digging as well.
Yesterday, developer Arun Thampi noticed that the Path iPhone app uploads a user’s address book to their server without asking the user first. And by address book, I mean all the phone numbers and addresses and email addresses of everyone in your phone’s address book just gets sent off to Path. And not only that, Path stored that information on its server. To their credit, Path apologized and deleted the data from their server.
But this is a larger problem than just Path. In a post from earlier today, Dustin Curtis reveals the dirty little secret of iPhone developers everywhere.
It’s not really a secret, per se, but there’s a quiet understanding among many iOS app developers that it is acceptable to send a user’s entire address book, without their permission, to remote servers and then store it for future reference. It’s common practice, and many companies likely have your address book stored in their database. Obviously, there are lots of awesome things apps can do with this data to vastly improve user experience. But it is also a breach of trust and an invasion of privacy.
I did a quick survey of 15 developers of popular iOS apps, and 13 of them told me they have a contacts database with millons of records. One company’s database has Mark Zuckerberg’s cell phone number, Larry Ellison’s home phone number and Bill Gates’ cell phone number. This data is not meant to be public, and people have an expectation of privacy with respect to their contacts.
13 out of 15! Zuckerberg’s cell phone number! Maybe I’m being old-fashioned here, but this seems unequivocally wrong. Any app, from Angry Birds to Fart App 3000, can just grab the information in your address book without asking? Hell. No. And Curtis is right in calling Apple out about this…apps should not have access to address book information without explicitly asking. But now that the horse is out of the barn, this “quiet understanding” needs to be met with some noisy investigation. What happened to Path needs to happen to all the other apps that are storing our data. There’s an opportunity here for some enterprising data journalist to follow Thampi’s lead: investigate what other apps are grabbing address book data and then ask the responsible developers the same questions that were put to Path.
Update: I am aware of this very confusing display of data from the Wall Street Journal. It indicates that of the ~50 iPhone apps surveyed, only three (Angry Birds, Facebook, and TextPlus 4) transmit address book data to a server. That’s not exactly the widespread problem that Curtis describes (the data sets are likely different)…it would be nice to see the net cast a bit wider.
Update: Oh, and that WSJ survey is two years old. (thx, @marcprecipice)
Using a link to his Twitter account from his blog, Dustin Curtis tested the effect of language on clickthrough rates.
Making the phrase more direct and personal by adding the words “you should” increased the clickthrough rate by 38% to 10.09%.
Curtis started out with “I’m on twitter” and eventually increased the clickthrough rate by more than double by changing the wording to “You should follow me on Twitter here.” (And Jesus, gorgeous site design too.)