if Aurora Feint was not a mistake


July 24th, 2008

The first app to have been removed from Apple’s AppStore is Aurora Feint, an exciting and well-done (and free) game. The reason is that AF did something weird and insecure with your contact list: it submitted the list to a centralized server, unencrypted and without any user intervention.

Apple pulled it for the time being, and it is a very good thing that they did, until the developers manage to fix the issue. There are, however, a few other points worth making.

First, what kind of review does Apple do before apps hit the store? I would expect something like this to have been caught by their QA, and the app should never have appeared there in the first place. Is that not the whole point of the review? The AppStore is certainly a great thing for Apple, but their much-discussed review process, lengthy as it is, ought to cover exactly these things. This happens, and then there is Loopt, which also does screwy things; I wonder what else is left unchecked.

Second, is the Address Book not as big a privacy concern as Location Services? More so, because other people’s information is exposed, and a number of unsavoury characters could benefit greatly from exploiting it. The API needs to treat Contact List information the way it treats Location Services and prompt the user for confirmation. Even better, to avoid pressing a thousand OKs, an extra pane in the Settings screen could let the user grant permissions to all the installed apps (set and forget)[1]. And yes, “Ask Every Time” is an acceptable option, as long as the user is aware of it. I already have apps for which I would like to turn off location requests altogether, and my Twitter stream tells me I am not alone.
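The permission model sketched above, as an added example that is not part of the original post: a small per-app permission broker in Python with the three grant states the text proposes (Allow and Deny as set-and-forget settings, Ask as prompt-on-every-access), gating the Address Book the way Location Services is gated. An app with no recorded setting falls back to a prompt, as the footnote suggests. Every name in it (AppPermissions, request_contacts, the com.example.* app identifiers) and the sample Address Book are assumptions constructed for this example, not anything from Apple’s SDK.

```python
"""
Added example (not from the original post): a per-app permission broker for a
sensitive resource such as the Address Book. Grants are stored the way a
Settings pane would store them; anything without a setting gets a prompt.
All names and the sample contact list below are constructed for illustration.
"""
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable, Dict, List, Optional


class Grant(Enum):
    ALLOW = "allow"   # set and forget: never prompt, hand out the data
    DENY = "deny"     # set and forget: never prompt, never hand out the data
    ASK = "ask"       # "Ask Every Time": consult the user on each access


# Constructed sample data standing in for the device Address Book.
ADDRESS_BOOK: List[Dict[str, str]] = [
    {"name": "Alice Example", "email": "alice@example.org"},
    {"name": "Bob Example", "email": "bob@example.org"},
]

# A prompt callback: (app_id, resource) -> True if the user approved.
Prompt = Callable[[str, str], bool]


@dataclass
class AppPermissions:
    """Per-app grants plus an audit trail of every decision taken."""
    grants: Dict[str, Dict[str, Grant]] = field(default_factory=dict)
    audit: List[str] = field(default_factory=list)

    def set_grant(self, app_id: str, resource: str, grant: Grant) -> None:
        """What the Settings pane would write for one app and one resource."""
        self.grants.setdefault(app_id, {})[resource] = grant

    def effective_grant(self, app_id: str, resource: str) -> Grant:
        # Footnote 1 of the post: an app with no setting is still prompted.
        return self.grants.get(app_id, {}).get(resource, Grant.ASK)

    def decide(self, app_id: str, resource: str, prompt: Prompt) -> bool:
        """Apply the stored grant; only the ASK state ever calls the prompt."""
        grant = self.effective_grant(app_id, resource)
        if grant is Grant.ALLOW:
            allowed = True
        elif grant is Grant.DENY:
            allowed = False
        else:
            allowed = bool(prompt(app_id, resource))
        outcome = "granted" if allowed else "refused"
        self.audit.append(f"{app_id} {resource} [{grant.value}] -> {outcome}")
        return allowed


def request_contacts(perms: AppPermissions, app_id: str,
                     prompt: Prompt) -> Optional[List[Dict[str, str]]]:
    """Gatekeeper for the Address Book: data flows only after a yes."""
    if not perms.decide(app_id, "contacts", prompt):
        return None
    # Hand back copies so the app cannot mutate the system store.
    return [dict(entry) for entry in ADDRESS_BOOK]


def demo() -> dict:
    """Exercise all three grant states plus the unconfigured default."""
    perms = AppPermissions()
    perms.set_grant("com.example.flashlight", "contacts", Grant.DENY)
    perms.set_grant("com.example.mail", "contacts", Grant.ALLOW)
    prompted: List[str] = []

    def user_says_yes(app_id: str, resource: str) -> bool:
        prompted.append(app_id)
        return True

    def user_says_no(app_id: str, resource: str) -> bool:
        prompted.append(app_id)
        return False

    return {
        # DENY: refused without bothering the user, even if they would say yes.
        "denied_app": request_contacts(perms, "com.example.flashlight", user_says_yes),
        # ALLOW: granted without a prompt, so the "no" callback never runs.
        "allowed_app": request_contacts(perms, "com.example.mail", user_says_no),
        # No setting at all: the user is asked on every access.
        "unconfigured_yes": request_contacts(perms, "com.example.game", user_says_yes),
        "unconfigured_no": request_contacts(perms, "com.example.game", user_says_no),
        "prompted": prompted,
        "audit": perms.audit,
    }
```

The point of the split between `decide` and `request_contacts` is that the data never leaves the gatekeeper unless the policy has said yes, and the audit list records which grant state produced each decision, which is what a user (or a reviewer) would need to see when an app turns out to be doing something screwy.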

I think Apple is very young when it comes to security. Granted, security and user experience do not often work well together, but I am certain that the great engineers in Cupertino can find a good way to make this marriage work. Increased popularity means increased attention from the ‘bad people’, increasingly likely PR problems, and, not least, customer dissatisfaction.

[1] Prompts for apps that have no settings applied to them would still be OK.
