Unless you’ve been living under a rock for the past week or so, you know that a few companies have come under fire for having apps that transmit and store your address book’s data without asking you first. While this may have seemed like a witch hunt, some good things have come out of it and Apple has stepped in.
Path was the app that started this whole thing, as it was discovered that the company was grabbing your address book data and storing it to let you know when new friends joined the service. It’s doubtful that Path or any other company was doing anything nefarious with your data, but the fact that we didn’t know about it was irksome. Path has since released an update which explicitly requests permission for access to your address book.
F**k it, we'll do it live!
Our biggest ever edition of TNW Conference is fast approaching! Join 10,000 tech leaders this May in Amsterdam.
But what about other apps that we use on a daily basis? Foodspotting was proactive about address book concerns, but there might be others that haven’t come forward yet.
Enter a handy app for the Mac called AdiOS created by Veracode. In a blog post today, Veracode’s Mark Kriegsman explained the reason for creating AdiOS, which scans iTunes for all of your installed apps to make sure they’re on the up-and-up:
To find out how many of my iPhone apps were dumping the address book, I put together a utility called AdiOS (Addressbook Detector for iOS) that lets Mac users scan the iOS apps in your iTunes directory to see if they have the potential to dump your phone book externally. AdiOS detects apps that access your entire address book, by using a binary grep to look for use of the ABAddressBookCopyArrayOfAllPeople API call. AdiOS quickly and easily finds all the apps that have the potential to violate your privacy. It could also be used to see if your apps are complying with the new policies Apple is rolling out around protection of Address book information.
AdiOS will scan through all of your installed apps and check for a line of code which denotes that your address book can be copied by it. This scan won’t tell you if the company is transmitting or storing your data, but it will give you a good idea of which apps can access your address book. You might actually catch a few that you didn’t know about.
If you have a few hundred apps, AdiOS will take a few minutes to go through all of them. Once it’s done, you’ll get a read-out that looks something like this:
I imagine that this is the type of tool that Apple will use to check apps in the future since the company requires apps to explicitly ask for permission to access your address book, like Path has done in its latest update. If you don’t want to wait for Apple to start policing these practices on your behalf, a tool like AdiOS could help you get some piece of mind in case you’re worried about your data getting into the wrong hands.
If you truly are worried about whether one of your favorite apps does something nasty with your address book data, reach out to them through its support site and ask.