Privacy problem: iPhone, iOS apps can steal contacts without permission

Gizmodo is reporting that a flaw in the design of iOS has allowed apps to access users contacts -- without their permission -- and download them into corporate servers.

Late Apple founder Steve Jobs' said in an interview that he was adamantly opposed to this kind of invasion of privacy, and while iOS software is programmed to closely guard a user's location data, the address book doesn't work the same way.

According to a Gizmodo article, the iPhone's GPS service requires you to actively approve an app to access it. Apple's operating system asks you for permission every time an application wants to know your location, not the app itself.

Apps can't bypass this barrier, and the security system is designed in this way so the app -- which could be anything from a game to your typical free flashlight app -- can't spy on you without you noticing it.

That feature works fine -- the problem is that Apple's address book doesn't have that safeguard.  Any app can access the address book, without permission, and take your list of contacts.

Social network Path was recently caught uploading users' entire address books to their servers, a move that has users uncomfortable, since it wasn't an opt-in action.

Now, iOS users will have to wait for Apple to fix the security hole by making access to contacts as restricted as geolocation data -- so they have control over what gets shared, every time.