Blame Apple, part 3463: it shouldn’t allow devs to be naughty
I wrote about the recent Path cock-up for .net earlier this week. The short version is that a dev was making a Path client for OS X and realised the iOS app was uploading his entire address book to Path’s servers. Path has since nuked all data it took and made the process opt-in, although the CEO had previously argued:
This is currently the industry best practice and the App Store guidelines do not specifically discuss contact information.
Since then, it’s been discovered that uploading your contacts isn’t an uncommon practice, and this led UI designer Dustin Curtis to say:
I fully believe this issue is a failure of Apple and a breach of trust by Apple, not by app developers. The expectation of Address Book privacy is obvious; in fact, one person on Hacker News, in response to learning about Path’s use of the data, said, “Apple would never do this to their users.” Because Apple has your trust and yet gives this private information freely to developers, Apple does do this to their users. All of them.
I find this argument outrageous. Apple’s terms state:
17.1: Apps cannot transmit data about a user without obtaining the user’s prior permission and providing the user with access to information about how and where the data will be used
17.2: Apps that require users to share personal information, such as email address and date of birth, in order to function will be rejected
But more to the point, why should Apple become a watchdog for the less-than-moral behaviour of some developers? Just because you can do something, that doesn’t mean you should. And if your app is grabbing and uploading personal data, you should figure out whether this is absolutely necessary, and also decide on how you’re going to inform the user that this is happening. It isn’t Apple’s job to stop you or make the decision about how you handle such data—that’s your job as a trustworthy developer.
Update: Ben Brooks disagrees:
If you live and play in the Apple world, you need only trust Apple. This is what Apple tells us — it’s a ‘feature’ of the Apple ecosystem.
The fact is, that in this instance, Apple broke that trust.
I’m not sure what the alternative is. No access to the data? Access only on opt-in (which people tap anyway, regardless and without thinking, and that drives admins bonkers)? But my point stands that Curtis’s argument that this is all down to Apple and not down to devs, despite the existing Apple terms, is hogwash.
It is Apple’s job because Apple curates the App Store.
When Google’s Market Place is full of trojans why don’t you say it’s the job of trustworthy developer to trust users. Why do you go and blame Google for a shitty market place experience?
[…] In partnership with: It’s About Trust and Apple Broke It Friday, February 10, 2012Craig Grannell responding to the idea/ragae that Apple should have prevented Path from uploading a u…:But more to the point, why should Apple become a watchdog for the less-than-moral behaviour of some […]
Agree with Mugunth. It should not be Apple’s job to police developers. But with the App Store, Apple *made* it its job, for better or for worse.
People trust the App Store because they trust Apple to protect them from stuff like this.
Apple absolutely has that responsibility. Users expect this because Apple and the tech press tout the closed nature of the app store. Every single time their is a comparison between marketplaces, the point is made that Apple’s is safer because Apple polices it, and this influences a good chunk of customers.
This to me is much more troubling than the location data debacle not too long ago. My address book, like most others, has names, addresses, phone numbers, birthdays, employers, etc. for the people I care about. The only thing missing on many is a social security number. I’d consider my address book one of the most confidential files on my phone, and if Apple is going to police the App Store, I think guarding against this problem should be a high priority.
[…] Craig Grannell says it best: Just because you can do something, that doesn’t mean you […]
[…] his blog Revert to Saved, Craig Grannell, a designer, argued that a developer’s job is to be “trustworthy”. He […]