Earlier this week we posted about Apple having updated its App Store guidelines to prohibit apps from mining cryptocurrencies on iOS devices. It appears that the iPhone maker is also trying to restrict developers from using information about iPhone users' contacts to build their own databases, among other things.
3.2.2 (vi) Apps should allow a user to get what they’ve paid for without performing additional tasks, such as posting on social media, uploading contacts, checking in to the app a certain number of times, etc.
5.1.1 (iii) Data Minimization: Apps should only request access to data relevant to the core functionality of the app and should only collect and use data that is required to accomplish the relevant task. Where possible, use the out-of-process picker or a share sheet rather than requesting full access to protected resources like Photos or Contacts.
5.1.1 (iv) Do not use information from Contacts, Photos, or other APIs that access user data to build a contact database for your own use or for sale/distribution to third parties, and don’t collect information about which other apps are installed on a user’s device for the purposes of analytics or advertising/marketing.
This effectively blocks apps from storing data about people's contacts and their friends without their consent. The problem is that even if an app's user gives the app permission to use their contact list, the people on that list never consented to the use of their phone numbers, names, birth dates, and whatever else is stored in it.
This user permission is often used to mine for data "legitimately" since apps get their permission from their users. However, this is exactly what started the rollercoaster ride for Facebook when it was discovered that a single app managed to mine data on up to 87 million Facebook users just because a handful of users gave their permission to the app developer to use their friends' data.
Apple continues to use the Facebook scandal to its own advantage
Apple is the only tech giant that has verbally assaulted Facebook since the Cambridge Analytica data misuse scandal was discovered. From CEO Tim Cook saying that he'd never be in Mark Zuckerberg's position because Apple doesn't use its consumers as products, to the company releasing features during WWDC that essentially block companies like Facebook from using Apple users' data, Apple is potentially the only tech giant using this scandal to boost user confidence in its own products and services.
This latest update in the App Store guidelines is yet another privacy feature in a string of similar decisions made during the last two months. However, some of these updates could spell doom for Facebook.
Facebook's spyware VPN service could also be removed from the App Store under these updated guidelines
Under Data Use and Sharing, the company is also restricting apps from collecting information about which other apps are installed on a user’s device for the purposes of analytics or marketing.
(iv) Do not use information from Contacts, Photos, or other APIs that access user data to build a contact database for your own use or for sale/distribution to third parties, and don’t collect information about which other apps are installed on a user’s device for the purposes of analytics or advertising/marketing.
Bloomberg suggests that this could be used to remove Facebook's Onavo app from the App Store. Facebook's Onavo Project isn't a favorite of the security community. However, considering the company's user base, it has a reach of billions of potential users.
This app, also known as spyware in the cybersecurity community, uses a VPN to scan incoming and outgoing internet traffic and gathers information about users’ devices, their location, the apps installed, how those apps are being used, the websites visited, and much more, all under the guise of being a VPN app.
Currently, Onavo is still available in the App Store. However, it won't come as a shock if Apple does decide to boot it out of the Store.