
Another iPhone app discovered uploading address book details

Hipster app comes under fire for privacy intrusion after furore over Path

Another iPhone app has come under fire for uploading private data from users' address books to its own servers.

Hot on the heels of the uproar over Path, which an iOS developer discovered to be sharing personal data, it has emerged that Hipster, another free app, is doing essentially the same thing.

Mark Chang wrote on his blog that he had discovered that Hipster was sending data such as his password and iPhone UID to the company's servers in plain text - not even using the encrypted HTTPS protocol.

"The Hipster app, in an unsecured HTTP GET request, sends a big chunk of your iPhone address book in the form of an email param that includes a comma-separated list of email addresses," Chang wrote.

"Hipster never asked me for permission to send my address book emails to them. Hipster does not say anything (as far as I know) about if they are storing those emails or what. The Hipster app allows you to deselect the "Contacts" button when looking for new friends, but it is enabled by default. Therefore, there is no way to avoid sending address book emails to Hipster, as far as I can tell."

Chester Wisniewski of security firm Sophos was unimpressed by the actions of Path, Hipster and Apple.

"Where was Apple when the original app was released? The lengthy approval process should be looking out for its customers, not just whether it allows you to tether," he said with reference to the case of Path.

"The Hipster app does provide you with an option when adding friends to deselect the "Contacts" button, but who would imagine selecting contacts meant sending your contacts to Hipster? If I saw that button I'd assume it would allow me to pick from my address book locally."

Wisniewski was quick to point out, though, that just because the companies had been gathering this data did not mean that it had been in any way misused.

"We aren't suggesting these companies are going to use this information against your interests, but should they be collecting this information without your knowledge? Additionally, insecurely transporting personal information from your phone book, permission or not, is an unacceptable practice.

"The iOS permission system doesn't provide notification of what information an app may be sending to its keepers, aside from location information."

UPDATE: Hipster has got in touch with Macworld to offer clarification on the matter.

"We're on it. Emails are never saved and app updates will be out ASAP with secure and explicit opt-in," Carl Rice, a member of Hipster's team, told Macworld.

An updated version of Path is also now available in the iTunes App Store.

