The recent controversy regarding address book data in iOS got me thinking about how difficult it is for developers to take reasonable steps to protect user data. If it posed a significant developmental challenge then it would at least be understandable, though still inexcusable, for app makers to ignore best-practices.
It turns out, however, that it is trivially easy to wrap the Apple provided Address Book frameworks in a way that safe guards the data by:
- Asking for user permission before opening the address book
- Then hashing the desired data so that it is kept private.
After only 3 hours of effort I wrote a class (available in github) that provides both of these functions in an easily dropped-in fashion.
Any developer that does not take at least these two trivial steps to protect their customers’ private data is being willfully negligent and should be ashamed.
Github Source Code (MIT Licensed)