I wrote about the recent Path cock-up for .net earlier this week. The short version is that a dev was making a Path client for OS X and realised the iOS app was uploading his entire address book to Path’s servers. Path has since nuked all data it took and made the process opt-in, although the CEO had previously argued:
This is currently the industry best practice and the App Store guidelines do not specifically discuss contact information.
Since then, it’s been discovered that uploading your contacts isn’t an uncommon practice, and this led UI designer Dustin Curtis to say:
I fully believe this issue is a failure of Apple and a breach of trust by Apple, not by app developers. The expectation of Address Book privacy is obvious; in fact, one person on Hacker News, in response to learning about Path’s use of the data, said, “Apple would never do this to their users.” Because Apple has your trust and yet gives this private information freely to developers, Apple does do this to their users. All of them.
I find this argument outrageous. Apple’s terms state:
17.1: Apps cannot transmit data about a user without obtaining the user’s prior permission and providing the user with access to information about how and where the data will be used.
17.2: Apps that require users to share personal information, such as email address and date of birth, in order to function will be rejected.
But more to the point, why should Apple become a watchdog for the less-than-moral behaviour of some developers? Just because you can do something, that doesn’t mean you should. And if your app is grabbing and uploading personal data, you should figure out whether this is absolutely necessary, and also decide on how you’re going to inform the user that this is happening. It isn’t Apple’s job to stop you or make the decision about how you handle such data—that’s your job as a trustworthy developer.
Update: Ben Brooks disagrees:
If you live and play in the Apple world, you need only trust Apple. This is what Apple tells us — it’s a ‘feature’ of the Apple ecosystem.
The fact is, that in this instance, Apple broke that trust.
I’m not sure what the alternative is. No access to the data? Access only on opt-in (which people tap anyway, regardless and without thinking, and that drives admins bonkers)? But my point stands that Curtis’s argument that this is all down to Apple and not down to devs, despite the existing Apple terms, is hogwash.