What a week! In the past seven days I’ve watched the fact that an iOS app was uploading your Address Book tear our industry a new one. Path’s “Find your Friends” feature has now ripped apart friendships, driven apart investors and founders and made Robin Wauters leave TechCrunch (okay, just kidding on that one).
Jokes aside, until Arrington wrote this counterpoint about Foursquare this morning, Path was hung out to dry by the tech press despite everyone vaguely knowing that tons of apps did this, and then the tech press were hung out to dry by the former tech press and then finally Jennifer Bruin, the voice of reason over at VentureBeat, was like, “But guys, guys other big iOS apps like FoodSpotting, Facebook, Twitter and Instagram also upload your contacts to their servers on some level!” — beating all us navel-gazers to writing the story we should have been.
For the record, Beluga and Gowalla also uploaded your Address Book to their servers, not like that matters now.
Throughout this blog bloodbath, Apple has been quiet, as app after app gets thrown under the Address Book-gate bus and the tech press jostles for power defending or degrading their respective honor. Enough is enough.
The reality is that most of the fault here lies with Apple. A solution exists in plain sight, and it’s primarily Apple’s responsibility, not an individual developer’s.
Step 1) Apple should add a mandatory Permissions Dialogue for apps that want to use your Address Book information.
Apple already requires a notification for apps that want to use your location information or send you push notifications, and Android does the same for, well, funnily enough, apps that want to use your Address Book information, among a million other things.
Sure, some argue that even more notifications would make the user experience ugly. You know what else is ugly? This mess.
Step 2) Apple should mandate “hash and match” encryption of any Address Book data that apps upload.
You think this would be impossible to scale? It’s not. If a humble app like BrightKite can hash and match emails with their “Find Friends” feature (described in detail here), you can too!
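A minimal sketch of the “hash and match” flow from Step 2, added here as an example (it is not code from BrightKite or from this post): the client normalizes and hashes each address, uploads only the digests, and the server matches them against digests of its registered users. SHA-256, the function and class names, and the sample contacts are assumptions made for illustration.

```python
import hashlib

def normalize_email(raw):
    """Canonicalize so client and server hash the same bytes for the same address."""
    email = raw.strip().lower()
    # Skip entries that are not plausibly an address (empty fields, stray text).
    if email.count("@") != 1 or email.startswith("@") or email.endswith("@"):
        return None
    return email

def digest(email):
    return hashlib.sha256(email.encode("utf-8")).hexdigest()

def client_prepare_upload(address_book):
    """Client side: map digest -> local contact name. Only the keys are uploaded."""
    local = {}
    for name, raw_email in address_book:
        email = normalize_email(raw_email)
        if email is not None:
            local[digest(email)] = name
    return local

class FriendFinderServer:
    """Hypothetical server that indexes registered users by email digest."""
    def __init__(self):
        self._by_digest = {}

    def register(self, username, email):
        normalized = normalize_email(email)
        if normalized is None:
            raise ValueError("invalid email")
        self._by_digest[digest(normalized)] = username

    def match(self, uploaded_digests):
        # The server never receives names or plaintext addresses, and digests
        # that match no user are dropped here rather than stored.
        # Caveat: an unsalted digest of a guessable identifier can still be
        # tested against a candidate list, so this limits exposure but is
        # not encryption.
        return {d: self._by_digest[d] for d in uploaded_digests if d in self._by_digest}

def find_friends(address_book, server):
    """Full round trip: returns sorted (local contact name, service username) pairs."""
    local = client_prepare_upload(address_book)
    matches = server.match(set(local))
    return sorted((local[d], user) for d, user in matches.items())

# Constructed sample data, not real contacts.
SAMPLE_ADDRESS_BOOK = [("Alice", " Alice@Example.com "), ("Bob", "bob@example.org"),
                       ("Broken entry", "not-an-email")]
```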
Okay, there might be some debate about how useful Step 2 is. Fine. Can we all agree that number one is at least a step in the right direction?
“With regards to prompting for permission, this one just seems plain silly,” writes BrightKite and Forkly founder Brady Becker in a blog post about app best practices, “Apple prompts you if an app wants to use your location, or wants to send you push notifications, but not if it wants to access your Address Book. Even my old Nokia 6620 did that, in 2004 mind you.”
If this latest tech drama has taught us anything, it’s that the data in your Address Book is as sensitive as your location, and should be subject to platform-level standards and best practices at the least.