Why Apple’s iOS 6 Privacy Protection Will Backfire

People don’t like it when apps surreptitiously steal personal information. Apparently Apple’s primary concern is the “surreptitious” part, though, rather than preventing personal data from being leaked or collected. New dialog boxes in iOS 6 may protect Apple, but will do little to help users safeguard their privacy.

Earlier this year the proverbial “stuff” hit the fan when it was discovered that Path–a popular social networking app–was stealing contact info from the address books of the iOS devices it was installed on. That incident was followed by other revelations of privacy infringement, and congressional inquiries demanding stricter protection for users.

Apple responded to Congress with a statement claiming that a future release of iOS would change the process so that any app wishing to access sensitive data like contact information will require explicit user approval. That “future release”, it seems, is iOS 6.

ZDNet’s Ryan Naraine compared the iOS 6 permissions to Microsoft Windows, tweeting, “UAC comes to iOS.”

As far as I’m concerned, UAC is a solid technology that does what it was designed to do. In my opinion, the negative publicity and backlash against UAC was more of a marketing or public relations failure on Microsoft’s part than an actual issue with UAC. That said, I understand Naraine’s comparison.

The problem with UAC—and with the new iOS 6 permissions—from the perspective of an average user is that it can be too overwhelming. People are inundated with pop-up alerts and dialog boxes requesting permission for this or that. They don’t know enough to determine if the activity is legitimate or not, so they simply accept all requests.

Andrew Storms, director of security operations for nCircle, explains the crux of the issue in a blog post. “Instead of doing the difficult work of putting together a privacy policy that has some teeth or going after app developers already violating policies, Apple has basically decided to annoy their users by requiring them to click through a dialog box for just about every app on their phone.”

Storms adds, “These dialog boxes are going to be like one of those whack-a-mole games–exactly the kind of thing users despise and ignore completely.”

Obviously, if users simply approve all permission requests the result will be much less privacy and security rather than more. As Storms points out, this is purely a legal CYA (cover your “assets”) move by Apple. If Apple wanted to protect iOS users, it would enforce stricter guidelines for app developers rather than making users jump through extra hoops.

Storms did a mock up of what he feels would be a more honest dialog box for Apple to use. Check these out: