Both iOS 12 and macOS Mojave have enhanced privacy features designed to keep you and your information safe. With a new software version comes new App Store guidelines, and there are new rules that Apple didn’t publicly announced. These rules effectively stop the practice of address book harvesting.
If an app requires it, developers ask the user for permission to access phone contacts. But sometimes unscrupulous developers and companies steal your contact list and sell it to data brokers. I consider it stealing, but unfortunately this has been going on for years…until now, at least for Apple customers.
Under the new guidelines, developers are forbidden to create a database out of their users’ contact lists. And they can’t share and sell contacts.
Further, apps aren’t allowed to access your contact list, say it’s for a particular purpose, and use it for a different purpose without telling you unless you give your consent. Developers caught breaking these rules may be banned.
In a statement to Bloomberg, Domingo Guerra, president of Appthority, a company that advises governments and companies on mobile phone security, said:
They have a huge ecosystem making money through the developer channels and these apps, and until the developers get better on privacy, Apple is complicit. When someone shares your info as part of their address book, you have no say in it, and you have no knowledge of it.
However, the new move isn’t retroactive, and it wouldn’t be possible to make it so. You can turn off contact permissions in iOS settings, but that doesn’t delete data that the developer already has. An iOS developer speaking anonymously said:
The address book is the Wild West of data. I am able to instantly transfer all the contacts info into some random server or upload it to Dropbox if I wanted to, the very moment a user says okay to giving contacts permission. Apple doesn’t track it, nor do they know where it went.