Why Apple's iOS 6 Privacy Protection Will Backfire

The permission dialog boxes in iOS 6 will most likely result in less, rather than more, privacy protection for iPhone and iPad users.

People don't like it when apps surreptitiously steal personal information. Apparently Apple's primary concern is the "surreptitious" part, though, rather than preventing personal data from being leaked or collected. New dialog boxes in iOS 6 may protect Apple, but will do little to help users safeguard their privacy.

Earlier this year the proverbial "stuff" hit the fan when it was discovered that Path--a popular social networking app--was stealing contact info from the address books of the iOS devices it was installed on. That incident was followed by other revelations of privacy infringement, and congressional inquiries demanding stricter protection for users.

Apple responded to Congress with a statement claiming that a future release of iOS would change the process so that any app wishing to access sensitive data like contact information will require explicit user approval. That "future release", it seems, is iOS 6.

ZDNet's Ryan Naraine compared the iOS 6 permissions to Microsoft Windows, tweeting, "UAC comes to iOS."

As far as I'm concerned, UAC is a solid technology that does what it was designed to do. In my opinion, the negative publicity and backlash against UAC was more of a marketing or public relations failure on Microsoft's part than an actual issue with UAC. That said, I understand Naraine's comparison.

The problem with UAC--and with the new iOS 6 permissions--from the perspective of an average user is that it can be too overwhelming. People are inundated with pop-up alerts and dialog boxes requesting permission for this or that. They don't know enough to determine if the activity is legitimate or not, so they simply accept all requests.

Andrew Storms, director of security operations for nCircle, explains the crux of the issue in a blog post. "Instead of doing the difficult work of putting together a privacy policy that has some teeth or going after app developers already violating policies, Apple has basically decided to annoy their users by requiring them to click through a dialog box for just about every app on their phone."

Storms adds, "These dialog boxes are going to be like one of those whack-a-mole games--exactly the kind of thing users despise and ignore completely."

Obviously, if users simply approve all permission requests the result will be much less privacy and security rather than more. As Storms points out, this is purely a legal CYA (cover your "assets") move by Apple. If Apple wanted to protect iOS users, it would enforce stricter guidelines for app developers rather than making users jump through extra hoops.

Join the CSO newsletter!

Error: Please check your email address.
Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Tony Bradley

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts