Apple forbids sharing, sales, and database building of "contact data of iPhone users" Execute App Store policy change



Apple decided to change the policy of the App Store and new restrictions will be placed on the form that developers use data of friends and acquaintances of users stored in user terminals.

Apple Tries to Stop Developers Sharing Data on Users' Friends - Bloomberg
https://www.bloomberg.com/news/articles/2018-06-12/apple-cracks-down-on-apps-sharing-information-on-users-friends

◆ Actual state of sharing of "contact" data
The "contact information" information saved in the user terminal is permitted to be used by the developer (application maker) as an application function on condition that the user agrees. For example, in LINE, sharing of contact information of users is used as a function of the application, such as users who share contact information are presented as "They might know each other".

However, the restrictions on the handling of data collected with the permission of the user are loose, and it is not easy to use data other than for the purpose of obtaining permission, construct a database of collected user information, There were acts of selling to the people. According to iOS application developers who responded to Bloomberg's coverage subject to anonymity, the information shared by the user's permission is not limited to name and telephone number, but date of birth, home and work address, face photograph data, etc. It will extend to other information. Also, since it is possible to track when entries of contacts were created, when they were edited, etc., grasp the relationship of friendships such as the authenticity of the registered telephone number and whether it is an old acquaintance or a new acquaintance Even possible. Anonymous iOS developers said, "Contact information is like" data clearing. "The moment the user taps" OK ", you can transfer the collected data to a random server, Or you can not track where the data came from, Apple said. "


It is obvious that a great deal of privacy is hidden in the actual situation that "contact data" which should be called "chunk of personal information" is easily collected and used beyond the assumption permitted by the user. In addition, contact users who gathered and shared information as "data possessed by users" will not be asked for permission to share data, in that they do not even have to know that data was shared in the first place , It was pointed out that there is a problem in the form of sharing contact data of users.

New restrictions by Apple
Bloomberg reports that Apple has changed the review guidelines for new restrictions on developers regarding handling of this "user's contact data".

Under the new rules, it is forbidden to collect contact information and create a database. For this reason, it is naturally prohibited to share the database and sell it to third parties. Furthermore, permission to use contact information is not comprehensive permission but will be required for each purpose. In other words, even if the developer obtains permission for contact information for a specific purpose of use, it can not be used for another purpose, in which case you need to get permission again. Developers who violate these usage rules, in the worst case, may be BANed from the App Store.


Behind the fact that Apple places limits on the use of contact data,Problems of leakage of user data by FacebookIt is clear that there is. As a result of permitting access to data of friends and acquaintances held by users, cases where personal information was gathered to Cambridge Analytica secretly and developed into a big privacy problem, provide the App Store and collect developer data to developers It is not a fire on the opposite shore for admitting Apple.

Under the new policy launched by Apple, in the future it is necessary to comprehensively gather data of other people that the user saves in "contacts", share it with a third party, sell it to a third party Although it will be prohibited to act, it is the same structure as Facebook, "There is no way to regain personal information that has already been gathered and there is no way to restrict the act of using it".

in Mobile,   Software,   Security, Posted by darkhorse_log