iPhone Security Model Brokem Can It Be Fixed???

Summary: User data is the new gold rush, and it’s so easy to find and mine. I like my iPhone. A lot. But I’ve not gotten to the point where I feel that the security model that Apple chose to implement in iOS is broken, and it’s hard to see how it can be fixed in any useful or meaningful way.

How is the security model broken? Well, it’s broken because the apps you install onto your iDevices are capable of accessing the user’s address book and sending that data back to the company servers without you knowing that it’s going on. Mobile social network Path was caught doing just that, and I’m sure that it’s not the only one that’s been up to this trick. User data is the new gold rush, and it’s so easy to find and mine.

Note: Mac OS X offers developers easy access to the address book, and Apple hasn’t done anything about this since the issue surfaced in 2006.

Now I’m going to assume for a moment that there are legitimate reasons for access user’s address books and copying them, but what cannot be justified is doing this without user consent (and by consent I don’t mean a small snippet of legalese buried in a ocean of legalese). Harvesting data without clearly informing the user of what’s going to be done and what will happen to that data is at best a very bad business practice, and at worse it’s malware-like behavior and a massive breach of trust.

So what should happen? Well, I have several ideas, but I must admit that I’m not in love any of them.