iOS 13 to Block Third-Party Developers’ Access to ‘Notes’ Section of Contacts
Users’ Contacts notes will no longer be shared with third-party developers.
When Apple announced iOS 13 earlier this week at WWDC, the company focused a lot on user privacy, including end-to-end encrypted home security camera storage and improved protections against apps always knowing your location. However, one feature
According to a new report from TechCrunch, the Cupertino company has addressed a little known security hole in its mobile operating system. In iOS 13, when an app requests access to the user’s contacts, the app developer will not get access to the notes filed in the Contacts app:
Apple is closing a loophole that allowed app developers to access users’ potentially sensitive and private data. With the launch of iOS 13, apps that request access to users’ Contacts will no longer be able to read the data in the “Notes” field of those address book entries.
The Notes field, Apple said, could include potentially sensitive details like sneaky comments about the boss. In reality, many users’ Notes field may have contained much worse than that.
The move is either because users often use the feature for comments not meant for the public or because users tend to use their address book as a replacement for a password manager and possibly store access codes or the like here:
Yet, people continued to use their Address Book as a makeshift password manager. Or they would enter in a variety of other private information into the Notes field in Contacts. Perhaps they’d note their ATM pin code, the door code for their home, a vault code, a social security number, credit card information, and more. They may also have written down private notes about a person that they wouldn’t want shared.
The Notes field is unencrypted and will remain so in iOS 13, but access by third-party apps will, for the most part, be denied.
Developers that believe they have a valid reason to access the data field can file for an exemption, but the Cupertino company explicitly points out that the large majority of apps don’t need access to this private field.