Tightened Security, Regulated App Permissions in Store for iOS 6

ID THREATPOST:35631C68EE44E704AA1EB39931079B79
Type threatpost
Reporter Chris Brook
Modified 2013-04-17T16:32:01


In a move that will patch several loopholes on the iPhone, the newest iteration of Apple’s mobile operating system, iOS 6, will come with heightened security, it was revealed at the company’s Worldwide Developers Conference (WWDC) this week.

Releasing this fall but currently available in beta, iOS 6 will now request users’ explicit permission before allowing third-party applications access to certain information. This includes the phone’s contacts list, calendars, reminders and photo library.

The following text can be found in iOS 6’s release notes, according to Macrumors.com:

For contact, calendar, and reminder data, your app needs to be prepared to be denied access to these items and to adjust its behavior accordingly. If the user has not yet been prompted to allow access, the returned structure is valid but contains no records. If the user has denied access, the app receives a NULL value or no data. If the user grants permission to the app, the system subsequently notifies the app that it needs to reload or revert the data.

The change comes after several apps on the iPhone were criticized earlier this year for not transferring users’ personal data securely.

It was discovered in February that Path, a social network app that allows friends to share photos and messages, was uploading its users’ address books to a server without their prior authorization. Path eventually rectified the situation by releasing a new version of the app that allowed users to opt in or out of sharing their contacts.

Following Path’s privacy fiasco, U.S. Congressmen Henry Waxman and G.K. Butterfield sent a letter to Apple in hopes it would clarify the company’s data collection policies. Soon after, Apple confirmed that “any app wishing to access contact data will require explicit user approval in a future software release.”

Researchers and developers working with the New York Times later in February found that third-party developers could access users’ iPhone, iPod Touch or iPad photos after exploiting a location data loophole in Apple’s iOS.

Last week, before its much-buzzed-about password breach, LinkedIn drew criticism from privacy advocates after its mobile application was found transmitting information from users’ calendar apps, including meeting notes, phone numbers and passwords in plain text. LinkedIn later tweaked the app and claimed it would no longer send data from the calendars of users.

While the tightened security features should help curb controversies like these going forward, Apple still has a handful of issues to address with the iPhone, including calming mounting privacy problems with its personal assistant, Siri, and creating a more refined passcode system.