Brewster’s Address Book App Briefly Exposes Ashton Kutcher’s & Others’ Private Data; Company Says It’s Fixed

Brewster, the hot, new personalized address book app for iPhone, launched to much fanfare this week. But it also launched with a concerning bug. Some users reported they had the ability to see the personal contact information for people they shouldn’t have had access to, including the likes of one Mr. Ashton Kutcher, for example.

His wasn’t the only private contact information exposed, from what we’ve seen. Other high-profile people whose personal information was available included TechCrunch contributor MG Siegler, Path co-founder Dave Morin, Foursquare’s former Director of Business Development Tristan Walker, Foursquare co-founder Naveen Selvadurai, and more.

One Brewster user who discovered the problem was Marshall Haas, the co-founder and CEO of He tweeted about his discovery last night, and we reached out to him to confirm the issue was occurring. He sent over several screenshots as proof of the bug’s existence, which did indeed confirm that he was able to see things he should not, including email addresses and phone numbers. We’ve posted a couple here, with the personal information redacted.

Haas did the right thing, however, and notified the company of the issue, which is reportedly now resolved. I spoke with founder Steve Greenwood about the problem this morning, to confirm that it had been fixed. (If everyone could see Ashton’s and others’ private info, I would not publish this!).

Greenwood says that when the company was notified of Haas’s issue, they spoke with him and Haas was, by that point, unable to re-create the problem. “What was going on, as you can imagine, with a first day release,” explains Greenwood, “there were a bunch of things going well, and there were a bunch of things where we had bugs. We were deploying all day yesterday and into the night. And, as best as we can ascertain, there was an issue [Haas] had with Ashton’s information that must have been resolved by the deploys into production that we had done,” says Greenwood. “But that being said, we then went and looked everywhere, to see if this was anywhere else and we could not find any occassion of this issue.”

Greenwood continues, “there were bugs we had yesterday, this was one we took very seriously. We must have fixed it.” So, in other words, a one-off. But a bad one. And yes, it does appeared to be fixed at present.

But the issue highlights the potential privacy concerns of any “address book” replacement mobile application, and the very real risk that comes along with giving an app of any sort permission to access your iPhone’s contacts list. This is the same sort of concern that was blown out of proportion somewhat during Path’s “address book-gate,” for example. But it’s also why the crackdowns on the mobile app industry from government regulators are being taken seriously – and why they should be.

However, in this case, even tougher regulations couldn’t have helped the purported victims here – there were a ton of new users uploading their contact lists to the service. The victims themselves may have never even installed the app and shared their personal details.

We should also point out that it’s not just a new app’s bug that could leave you over-exposed, if however briefly. There’s also a general lack of understanding on the part of consumers as to whether the information you’re sharing with third parties is public or private.

“We’ve noticed there’s been some confusion over what you get access to over a third-party service when you’re connected with them, whether it’s an email, phone number or something like that,” explains Greenwood regarding other more general complaints. “We’ve also noticed around photos, there are public profile photos among certain services that have privacy settings that users select on that third-party service.”

User confusion is a problem that location-based “friend finders” like Highlight and Banjo face today. In Banjo’s case, for example, it’s able to locate people based on details they don’t even know they’re sharing – like geo-tagged tweets, for example, or Instagram uploads.

Still, let’s not throw out the baby with have the bathwater here. Brewster may have had a bug, Banjo may seem a bit creepy, Path may uploaded personal data without users’ permission. Yes, it’s all so very scary, right? But at the end of the day, the startups behind these apps are building tools and services that improve our lives, if we’re willing to give them enough breathing room to work out the kinks.