iOS and Android Twitter apps collecting contact data

Update: Apple have confirmed it will upgrade iOS, so that developers can only access users’ contact data after receiving explicit permission to do so. Smart move Cupertino. 🙂

Given my thumbs up post yesterday about Twitter HTTPS being enabled by default, today I find myself writing about how Twitter appears to be remotely storing iOS and Android contact data through its mobile apps without notifying users (Path anyone?). This is a big thumbs down. 🙁

Collecting contact data isn’t new – I know Facebook collects this data but you are made clear and have the option to stop your contact book from being uploaded to Facebook – regardless of which mobile OS app you use. The normal response from the mobile app developers to this type of data collection is ‘we are improving the overall experience for our end users’.

One main reason for this is Twitter will use email addresses and phone numbers from your contacts to add Twitter usernames and photos to your contact cards. Twitter mobile isn’t alone in doing this. I’m not entirely sure I buy this though. Does anyone?

Twitter has acknowledged that it collects and stores your contact data which is collected from your address book – so this will include names, addresses, emails and phone numbers. I did notice (and from some other excellent research done by Arun Thampi)  that every time I activated the “Find My Friends” feature on my IOS device, the Twitter app would apparently transmit my address book (plist file) to Twitter’s servers. I wonder if Apple might provide a ‘lockdown’ feature or limit access to the contacts database by using permissions?

Your contact data is maintained by Twitter for a period of 18 months and closer inspection of their privacy policy suggests they only “log data” and that the IP address, browser type, the referring domain, pages visited, mobile carrier, device and app IDs as well as search terms are collected. I don’t particularly see any issues with this data being collected as most apps and web sites collect this type of information to improve the overall user experience and provide useful analytics data.

What I do have an issue with, is my contact book being stealthily uploaded without my prior knowledge. Why does anyone else require my contact book? Even worse if you are a businessman! Just think of how your valuable business contacts would be to Twitter?

Twitter has acknowledged the ‘issue’ and have publicly confirmed that they will be pushing an app update out very soon. The update will, in place of ‘Scan your contacts’ they will use “Upload your contacts” and “Import your contacts” in Twitter for iOS and Twitter for Android. We will keep you all posted on when this update will be pushed out.

Safe surfing folks!

This entry was posted in android, apple, mobile, twitter and tagged , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *