Comments on: Podcast #23: Goodbye Jeff, Restricting Address Book Access, Tweetbot

By: Jeff Berg

Jeff Berg — Thu, 16 Feb 2012 16:40:25 +0000

One the reasons Apple tries to reduce the number of times the OS asks the user to make choices, particularly choices pertaining to security, is that they strive to provide protection without administration. When faced with a choice about security most users will make the wrong decision. Bruce Schneier explores this theme in The Psychology of Security and revisits it regularly on his blog. Schneier is also an advocate of finding the correct balance between security and usability.

Rick Wash explores Folk Models of Home Computer Security and how users make decisions based on their conceptualization of those models.

In short, security issues like the recent iOS address bookgate need to be addressed, but my hope is that Apple will find minimally intrusive ways to do so. Presenting users with endless choices, and multiple, finite settings, is not the answer.

By: Kyle Cronin

Kyle Cronin — Thu, 16 Feb 2012 01:54:25 +0000

The encrypted data would be derived from the private address book data, and would therefore also carry the flag indicating that it cannot be transmitted over the network without permission. Granted, this sort of model would be extremely difficult to retrofit both into Objective-C and Cocoa as well as support backwards compatibility with existing, compiled apps, but is technically possible.

By: Anon

Anon — Tue, 14 Feb 2012 17:37:31 +0000

Jason is right. Once an app gets contact information, it can encrypt it in any way it wants, send it over the network, and that's that.