Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Network Security, Security Strategy, Plan, Budget, Vulnerability Management, Governance, Risk and Compliance, Compliance Management, Privacy, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

Apple changes app permissions in iOS 6


Apple has tightened how permissions will be handled in iOS 6, the soon-to-be-released mobile platform unveiled last week at the company's Worldwide Developers Conference (WWDC).

The new version of Apple's mobile operating system would require developers to explicitly ask users for permission before an application could access certain types of information, according to the "Data Privacy" section of Apple's iOS 6 release notes. Under the new requirements, developers will have to take into account that a user may refuse to grant permission to access personal data, and ensure the app continues working under that scenario.

The new rules specify that explicit permission is required before an app can access a user's phone contact list, calendars, reminders and photos. When the app attempts to reach any of those data types, the user will be prompted with an access dialog to grant or deny permissions. Previously, apps needed to obtain explicit consent only for the phone's geolocation data. 

"In iOS 6, the system now protects calendars, reminders, contacts and photos as part of Apple's data isolation privacy initiative," according to the release notes.

Apple likely made these changes to prevent a repeat of disclosures of third-party apps accessing and copying personal data off mobile devices. Earlier this year, social network application Path was named as one of the offenders, as its iOS app used the phone's contacts as part of its "Find Friends" feature and copied data on its servers without user permission or awareness. Path made the feature opt-in by releasing an update.

More recently, social networking site LinkedIn disclosed that its iOS app was sharing calendar data with its servers. Even though LinkedIn's data collection was part of an opt-in feature, most users were unaware their calendar information was being harvested, or that there was even a way to opt-out.

Apple strengthening its privacy rules is a good thing, but the change also means users will be prompted with more permission requests. Even so, this approach to allow granular-level permissions give users a bit more control over what apps can or cannot do on their devices. In contrast, Android generally follows the all-or-nothing model where users have to grant all the permissions the app requests or not install the app at all.

Apple has been focusing on iOS security recently. The company released a white paper earlier this month, detailing the security features implemented within the mobile platform, such as system architecture, device access tools and encryption. Plus, it plans to present on the topic at the Black Hat security conference next month in Las Vegas -- Apple's first-ever appearance at the hugely popular annual show.

The beta version of iOS 6 was released to developers just recently, and the final release is expected sometime this fall.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.