Hacker News new | past | comments | ask | show | jobs | submit login
A subtle change to the iPhone’s contact-sharing permissions (nytimes.com)
86 points by 2OEH8eoCRo0 23 hours ago | hide | past | favorite | 141 comments






The change in question if you don’t want to read through half way across the article.

“In iOS 18, however, users who agree to give an app access to their contacts are shown a second message, allowing them to select which contacts to share. Users can opt to share just a handful of contacts by selecting them one by one, rather than forking over their entire address book.”


Sounds like how photo sharing permissions have worked since... iOS 16 or 17? You can choose as small a subset of photos for an app to have access to as you want, and then just add as you like, rather than sharing your entire photo library. Pretty handy.

There seems to be two apis for this. One which allows you to select an image(s) on each interaction. The other which makes it as difficult as possible and either you click allow all or do the arduous process of navigating settings.

No bonus points for guessing what type of apps do the latter.


I think these permissions should be handled in a way where the app simply cannot know whether you gave limited or full access. The app should see a pool of items (contacts / photos / health data / whatever) without the information whether that's full access or not.

If I understand correctly, apps are only given that info to be able to add a custom `Adjust Selection…` button in a convenient place in the app. But this could be handled on a system level instead, where a small unobtrusive pop-up appears, on top of the app without its knowledge, where the user can adjust permissions (kind of like the `Pasted from…` toast when using the clipboard).

It's a bit uglier, but much safer and avoids digging into Settings like you mention. And crummy apps cannot bully you for giving partial access.


> No bonus points for guessing what type of apps do the latter.

Camera apps?

In other new “Halide rejected from the App Store because it doesn’t explain why the camera takes photos”.

https://9to5mac.com/2024/09/24/halide-rejected-from-the-app-...


There should be an additional option to provide fake contacts in your area code to the app.

Sounds like a recipe for disaster, says

Torben University +49 1234567890 notreal@not.gmail.com

who now gets tons of scams and cold calls.

But I guess you were joking a little, by now? Anything real would need to be powered by telcos... not very encouraging from a privacy perspective.

And improving on this devolves into a cat-and-mouse game like iCloud Private Relay, right?

Still would be an additional layer of obscurity for apps that try to coerce users into sharing contacts.

But even then, there must be enough people using the fake contacts, otherwise it's just a more precise fingerprint than not sharing at all.

Thinking about it.. we're not far away from apps requiring you to share your "verified contacts" -_-


Not joking. I don't see how a random number and some guy I happen to know getting spam is substantially different. APIs on my device should lie on behalf if I ask them to.

Sound point, yes. "Access to contacts" is a dystopian privilege name anyway.

Thank you for that.

And it’s about time!!


Only took them 16 years.

[flagged]


I recall a custom rom I had years ago supported fake data for contacts, camera, calendar etc.

It used to give a bit of satisfaction knowing I was polluting their data mining.


I was about to say, my Galaxy S3 running CyanogenMod had dummy sandboxes for app permissions.

I guess facilitating the total information awareness game is no longer interesting or profitable for Apple.


This attitude always utterly frustrates me. I simply don’t understand it. Is your view that a company’s worth should be determined by how quickly it copies any random feature introduced by a ‘competitor’?

Do you understand that if every person that voices these complaints had things ‘their way’, then Apple’s collective development backlog would be filled to the brim with stuff that’s utterly original?

And, if Apple had done it as soon as GrapheneOS did, can you honestly say that you wouldn’t still be complaining about Apple copying things?

What would actually satisfy you? All this OS culture war BS aside, is what you’re expecting of Apple here even remotely in line with your professional experience?


Presumably there's no "select all" option?

In the first screen you choose one of None, Limited Access, and Full Access. Under Limited Access you select individual contacts, no "select all" option there.

> Of course, iPhone users can still upload their whole address books if they choose.

Even as a developer, I have started to think that almost any time a developer complains about something they can't do or a safety net on my device. It is likely a good thing that it exists.

We saw this with app tracking (just yesterday I saw "we want to keep this app free for you" alert encoruaging me to click "allow" instead of ask app not to track.)

This is already how photos works and its long time that contacts followed suit. Hopefully it leads to people being more aware of the data they are sharing but I guarantee that apps are going to throw up scary screens to encourage you to allow all.

IF this feature is somehow the thing that is blocking you from making a company, your company doesn't deserve to exist. And I apply that to the social media companies that already exist thanks to being able to mine this data before.


The framing of this article is absolutely ludicrous. I'm no Apple apologist but this is genuinely a good feature that puts power to control who gets access to contacts back in iPhone user's hands.

"The city is helping citizens install locks on their doors to keep burglars out! That's going to really hurt all the new small-time crooks who might just be starting out!"


My reading of the article is quite neutral, it gives the pros and cons to that changes for all concerned parties. The author even acknowledged that they like the new feature.

Who is the headline for?

What if there are less challenges to the current social networks? is that not a more likely outcome, if the equilibrium settles toward stasis and lack of growth? I like my privacy, but I worry the cost for the collective is very high. I worry we'll be less likely to access all the many others ways in which social networks and algorithms and incentives might work, without the helpful pressure on incumbents...

One of the largest problems that needs to be solved in the space of social networking is flagrant disregard for privacy. Worrying that granting users the ability to protect their privacy may stymie the rise of new companies emerging to abuse their data in order to compete with existing problematic social networks is kinda nuts.

I’m not going to lose any sleep from making things harder for data theft startup. The incumbents will have to destroyed in a different way, on another day.

Do remember that in your example the city previously gave out crowbars to everybody in the city.

Like Apps can only do what Apple lets them. If they were doing something people didn't like; it was because Apple let them. Sure, it's good that Apple now is doing something but they're just filling in a hole they dug.


It's ridiculous to equate all new social media apps with burglars

Even if a social app starts off as a scrupulous player who’s acting responsibly with your data, doesn’t mean they are going to stay that way.

It’s very common for companies that gain some traction, but aren’t on the path to be the next unicorn to get sold off to private equity firms who try to extract the most the value for the least effort. That often involves selling any all data to a data broker.

Personally, I’d treat most apps/companies as if they could be burglars, and only give them access that I need to get value out of the app. I don’t really want to be friends with my landlord or my doctor on the socials anyway.


If they want to take your stuff and you don't want them to the analogy works.

No it doesn’t. It’s a faulty analogy. I’m pretty sure that burglars don’t give you a choice. You choose to use a social network.

Hiring someone to clean my yard and then found him snooping inside my office would make a very strong case of him being a burglar.

I choose to live in a house, in a city. I don't choose who in my city tries to get into my house.

It's forced on non users. Look up shadow profiles.

Now you can choose how to use them with even more granularity

QED thanks bye


Seems to me that social app devs sound a bit entitled. If their business model depends on slurping up all my contacts, maybe they need to find a new line of work.

I tend to agree—however I think the point of the article is that, regardless of whether this an ethical or "good" practice, it represents a pulling up of the ladder in a social media landscape that most users would agree is not in a great place with regard to the big names.

Maybe we already have enough social media apps, but also maybe the ones we have aren't very good, and things like this probably make it harder to compete in that space if you believe that you can create something better.

Also to be clear, while I'm sympathetic to that idea I'm not sympathetic to garbage people like Nikita Bier, who is basically saying this is what helped enable him to make two identical apps marketed directly to high-schoolers rapidly acquire a substantial userbase. He then subsequently sold these apps to Meta and Discord. So maybe this change is for the best.

https://www.reddit.com/r/Entrepreneur/comments/12rqnk6/nikit...


I don't think pulling up the ladder is the correct analogy here.

The inability of users to prevent companies from slurping up all of their contacts creates an environment which greatly benefits those company which simply take the data since nobody can stop them.

Yes having that data has allowed the current crop of social media companies to grow very quickly, but look at the societal costs of that rapid growth. If we want social media companies of a categorically different kind, we need different rules so that the kind we currently have don't dominate again.


Yea, this is more of a "better late than never" security fix. While you can't go back in time and fix past apps that exploited a vulnerability, you can at least close the vulnerability for future apps.

It's going to require a legal fix for past mistakes.

You also fix it for future users. Kids without phones or contact lists grow up to have them.

> pulling up the ladder

On the contrary, it allows users to better than current "all or nothing" which today leaves users holding their nose and feeling forced by social monopolies into feeding their entire graph to resell to advertisers, data brokers, government monitors, and the like.

Note that a minority of social apps have done the work to match your contacts with your contacts' affirmative disclosure on the social network, without giving themselves new shadow contacts from your phonebook. Only those who "want to be found" will match up.

> So maybe this change is for the best.

It's possible to ... slurp respectfully?

If everyone did that, this feature wouldn't be needed. If EU wanted to legislate something, they could mandate something like an extrovert flag: this is my name tag, I want to be found! Given an app respecting this method of matching, then allow matching to be seamless after the first OS level prompt.


That reddit thread made my soul hurt.

This also affects communication apps, like email clients.

It's a real bummer for the user experience, honestly. Yes, people can say "share all contacts", but the user experience is confusing, and many people won't.

This means that all 3rd party mail and messaging apps will be lacking contact information -- whereas of course Apple's own will have it by default.

Again, it's shameful API design by Apple, because they don't have to use their own APIs/permission systems.

This could be mitigated, by the way, by having a rate-limited "lookup" API where an app can say "Can I have the contact for bob@example.com, if it exists?". Most legit apps don't need a copy of your entire address book, but they may need to query it occasionally.


Noo! They shouldn't try finding new ways to carry on! There is a huge risk that they will do!

I remember when LinkedIn would take your contacts, and bombard them with "friend requests." For me it resulted in some inappropriate "requests." I'm glad that isn't happening anymore.

At the same time, it's not like LinkedIn is paying any price for that.

So the rule is, engage in as much bad behavior as you can when it's permitted, because later it might not be an option.


That is why I do not really use LinkedIn to this day. They are still invasive in the amount of data they collect and share.

And then they are pushy with what they want to spread, but sooo very bad at providing info you need and try to get.

I don’t have LinkedIn on my phone because I suspect they were listening to my microphone and serving me ads based on it. I didn’t dig deep to prove it but it seemed pretty clear at the time.

If you're using a mobile OS that you suspect has APIs that can allow this at all, you shouldn't be using that OS.

The iPhone has an indicator at the top of the screen that's present during and for several seconds after when any app is using your camera or microphone. Even for built-in system apps like the native camera.

I'd like to think Apple's financial motivation for user trust outweighs whatever money they could be getting by offering backdoors for LinkedIn of all things. Not to mention the lawsuits they could be facing for letting an app listen to users unbeknownst to them for a bit of Microsoft kickback. This is after introducing a user privacy measure that basically undermined the entirety of Facebook's monetization strategy (site that was majority of internet traffic) and forced them to do a major pivot a few years ago.


The iPhone also requires all apps that want to use the microphone to gain your permission, at least the first time.

So if you never gave LinkedIn permission to use your microphone (or did once, but then went into Settings and revoked it), unless they have found a way to backdoor iOS's permissions structure, the LinkedIn app is absolutely, 100%, not listening to you on your iPhone.


Maybe that's how it is today, but is that how it was 10 years ago?

The permission for microphone usage? Yes. The microphone permission was added in iOS 7 in 2013. On Google you can find timestamped references (on Stack Overflow, etc.) to the microphone permission that are more than 10 years old.

A more likely explanation is that LinkedIn knows where you are from location data and they might know where your friends are because they have the app installed (they can otherwise purchase location data that's collected and shared from a billion other apps). Then they see that you and Alice were in the same location for the past hour while Bob, who was also there, was looking up stuff you were talking about on google. Then LinkedIn shows you ads for that stuff because they suspect a discussion had been happening about the things Bob was looking up.

A common retort I've seen to that is, "Nobody made any such searches during the conversation." So I try a different route: how does LinkedIn know what's relevant to advertise to you based on conversations that are picked up on your microphone?

Let's assume LinkedIn can isolate the voice of every individual on the planet (or, perhaps more relevant, every individual in your home town) and Alice is talking to you about their new air fryer such that it's picked up by your phone's microphone. LinkedIn might advertise air fryers to you because they think Alice was talking to you about air fryers.

But what if Charlie is telling Dave -- both of whom you don't know and are only near you because you're waiting in line at the grocery store -- about their new air fryer? LinkedIn can advertise air fryers to you but that won't necessarily be so eerily relevant. How would LinkedIn know to show you air fryers because Alice was talking to you about them but not to show you air fryers because Charlie was talking to Dave about them? Both conversations were picked up by your phone's microphone so, ostensibly, they would both be equally relevant for advertising.

(That's all assuming that they can hide the otherwise-inexplicable battery usage of an always-on microphone.)

Not to downplay the creep factor, just pointing out that they are probably not disregarding established audio-recording law and are instead doing other surveillance things to show you such relevant advertisements.


So you had a bold claim but didn’t put effort in to find commensurate evidence and it was clear to you.

But ended up making the correct decision.


That’s referring to a pitch deck from a marketing company and there is no hard evidence of it being anything more than marketing nonsense to drive sales.

Anything using the mic (on iOS at least) to “listen for keywords” would trigger the “glowing orange dot” indicator.


LinkedIn provides no mechanism to hide your profile from other members by default apart from an explicit block.

I was stalked on it by an unhinged bank employee, and even though he's blocked I still see people from his company have viewed my profile on a regular basis.


“Abuse early, abuse often” is the phrase used in video game culture for this concept. If a bug/loophole/opportunity exists, take advantage of it as much as possible before it’s fixed. Applying it to the real world feels slightly different though.

I’m genuinely surprised it took this long for Apple to do this. Having a full contacts list has long been one of the most valuable pieces of information for ad targeting. It’s why you can not be on Facebook but they still know everything they need to know about you because enough of your contacts are on their platforms.

Why surprised? Because of a belief that Apple care about your privacy?

Judge them by what they do, not say


Surprised because Apple is the company that made this sort of permission request so granular. Contacts contain some of the most permanent and “graph-building” data you can imagine, but they let this through for 17 years.

One possible reason they didn't address it sooner was Apple was receiving a cut of google's ad revenue on iPhone that had grown to 36% share, until Google's own antitrust case deemed the arrangement illegal earlier this year. The more data available to Google the more effective their advertising. /conspiracy

Says a lot about our world that to be successful with a 'friend-based app' you really need to dark pattern your way into hijacking a contact list and robo-inviting all the people who are totally not a person's friends.

If you paid attention, every single successful social app got so successful because of dark patterns that could be summarized as: spamming you and your contacts.

Even worse is an article from a major newspaper having "mixed feelings" about the feature.

Snapchat. They even add contacts after you didn’t add contacts, no idea how they manage that exactly..

Android needs this yesterday. i hate how meta, tiktok, telegram and other apps try to force you to give contact info.

even when you deny, they'll just ask again later.


This (well, not this specifically, but other decisions like this) is one of the major reasons I switched to iOS from Android a few years back. I like the openness the Android ecosystem provides, but at least at the moment, Apple seems to provide much better privacy features than does Google. This is just the latest in a long series of decisions and features, such as encrypted messaging (at least for other iOS users; not perfect, but better than none), granular photo sharing permissions, and many more.

GrapheneOS has this really awesome feature that I wish would come to mainline Android: Contact and Storage scopes.

Essentially, it works very much like the feature Apple has introduced for these things, but importantly, it makes apps believe they have full access to these resources, while still maintaining a limited scope through the OS.

I doubt Google would ever adopt this (due to their less than privacy-friendly attitudes) but it is absolutely technically possible, since GrapheneOS has it today.


Google routinely adds privacy features to Android and many of the GrapheneOS privacy features are inherited from or expanded upon Android. It doesn't matter to Google because they can still grant themselves any permissions they want by default on stock GMS Android ROMs, while limiting access to third party apps. (Most people don't know/care that you can deny certain permissions from certain system apps including GMS even on stock Android and this behavior isn't guaranteed anyway.) Contact Scopes is GrapheneOS exclusive for now but it's not unlikely that Google would add something like that, especially now that iOS has it. They have accepted several security patches from GrapheneOS already.

telegram has repeatedly asked me for microphone access on iOS the last few weeks, at random times. i suspect it's not just happening on Android, therefore.

Say yes, then deny the system permission.

At this point, iOS does not allow you to change those permissions in-app once you deny them. The only exception is photo access, which lets the app request access to more photos.


Even when you deny, enough of your contacts won’t that it doesn’t even matter

This is the sad truth, however one can only hope to at least reduce the graph points.

It does matter. Is this what you meant?:

"Even when you deny, enough of your contacts won’t, that it seems in vain."


I meant that it doesn’t matter if you deny because your friends will sell you out.

What I'm hearing you say is: "Your privacy doesn't matter."

What I'm hearing you argue is that the tree which hides in a forest is still hidden in the forest.

Alas, it's not when the whole forest is infested with ads^H^H^Htermites


Tiktok pops it up frequently and at random, irrelevant times. I think they're hoping I'll press it by accident, or without thinking.

Finally I can see names in WhatsApp, as I now just share the contacts that I actually use WhatsApp with. Meta dark-pattern coerces into sharing all contacts by not showing names on the message list until one does—even though the contact has a name in WhatsApp already.

it's a privacy feature. I don't want to share my name with someone who doesn't have my contact.

No, it’s not. The name is still visible, but not on the chat list, only the in-app contact card. Thus it’s an anti-privacy feature as it coerces users share all their contacts with Meta.

WhatsApp have a name field that is public. It just does not want to use it for the chat list. Or allow you to edit it client side.

Glad to see Apple finally doing this. As an Android developer, who has an app that uses a device's contact information, Google has had something similar for the longest time. Android readily allows a developer to grab very specific contact information for an individual contact without granting an app access to all the device's contact information.

“the end of the world”

"the drama"

"dramatic ripple effect"

All because serial viral social app developer startups cannot carry on for the next dozen or what new big social app following several sold and successful out there somewhere, must be out there somewhere being very successful, but endangered now very much, right? Am I insensitive not feeling the doom of humanity here? And wanted to lit celebratory fires in the middle of the Armageddon for the further fortification of privacy?


Another example of Apple further entrenching its monopoly -- Like other permission prompts, I bet Apple exclude their own apps from asking for this.

I bet iMessage doesn't ask you if it's allowed to access your contacts, in the same way that Photos doesn't ask you which photos you want Apple to know about. That would be an unacceptable user experience for Apple, but acceptable for 3rd party apps.

This seems to be a constantly overlooked part of the permissions discussion. I'm all in favor of Apple changing the rules on their platform to whatever they like, as long as their own apps have to play by the same rules.

Instead, they use permissions to advantage their apps over the competition.


No users think the Apple device with the Apple Contacts app is or should be hiding Apple Contacts app contacts from Apple Mail or Apple Messages app. If you don't want your contacts in the Apple suite, don't put them in the Apple suite.

Similarly, if you use Microsoft Contacts, you assume you see those in Microsoft Outlook and Microsoft Teams, and their devices using their OS.

Similarly for Google's suite, and their devices using their OS.

There are other Contacts apps, such as Clay (from clay.earth) that have other sets of contacts and can sync with still other contacts stores such as, say, LinkedIn. Those aren't visible to Messages without an affirmative action, so Apple is not advantaging itself.

If you're arguing that application suites aren't allowed, any number of users are going to be very annoyed with you.

If you're arguing that nobody can make both hardware and productivity assistant suite combined, you're either saying the PDA doesn't have a right to exist, or, saying that forcing the PDA to be open to other apps on the PDA in turn means the PDA isn't allowed to be an integrated suite now that it's open, and, I guess, saying Microsoft can't make Windows or Surface unless they spin off Office or damage what they make till none of it talks to each other seamlessly?

This entire line of thinking, that nobody's allowed to offer a seamless experience, seems like overregulation of what consumers are allowed to choose and buy.


> No users think the Apple device with the Apple Contacts app is or should be hiding Apple Contacts app contacts from Apple Mail or Apple Messages app.

I am a user and you are wrong.

I absolutely want every app, regardless of vendor, to be sandboxed from each other. Without explicit permission, I don't want Mail or Messages to know that I have a contact card for the peer.


The line of thinking here is that Apple should play fair. The power of defaults is very strong.

Most iOS users aren't going to be thinking of "Contacts" as "Apple Contacts". It's just the contacts on their phone. It's their contacts, not Apple's.

I think Apple should absolutely have to use the same permission prompts as 3rd party developers -- because this aligns the incentives to design a great user experience.

Instead, they have no incentive to design these prompts and APIs well -- in fact, a disincentive.


Rephrased: Users are not allowed to choose an integrated PDA.

And, still not even if it lets them make a different choice later.

Another implication: All first party apps must be interchangeable. I'm curious -- must third party apps also be?

And then, who decides what lowest common denominator functionality is, and what's OK to offer that others don't?

You've taken that choice away from the market.


The rules of the platform should be the same for all users of the platform. You can't play the game and be the referee.

I don't see how this prevents an integrated user experience. It's orthogonal.

If the user experience for permission management is well designed, and the APIs are thoughtful, this shouldn't be a problem.

It's a problem in iOS today because the user experience and APIs are an afterthought, and there's a disincentive for making them good.


An improvement, but each contact is still all or nothing. If an app needs phone numbers and I want to share that with it, I don't need it to have access to the birthdays, emails, addresses, etc. of all the contacts I share.

Apple could enable the Name Drop feature of which fields to share:

If you’re sharing your contact card, tap the Show Disclosure Triangle, select the fields you want to include, then tap Save. The same fields will be selected by default next the time you use NameDrop.

https://support.apple.com/en-hk/guide/iphone/iph1b6c664b7/io...


This is the reason I made a dummy contact of myself.

My own contact is by far the most bespoke in my address book: it has multiple numbers, emails and addresses. It also has many "family member" fields filled out (which allows Siri to understand things like "call my youngest sister" or "when is my uncle's birthday").

Apps I don't trust only get the dummy version of me, which just has my spare phone number.

But I guess it would be unwieldy to do this for other people as well.


Exactly. It’s more granular, but not granular enough.

Also, what if I don’t want my name and contact information in someone’s phone shared with an application? There are no options there.


It’s common amongst women to just not save phone numbers anymore from low commitment encounters

On iOS they rely on memory, context along with the name and photo sharing feature

Maybe men in the same age range and contexts do the same, but I wouldn’t know


It's disgraceful that we can't even keep a contacts list these days. Back in the day we had no problem with putting everything into Outlook or something but today things will steal it. We have moved backwards, regressed. We bought these devices and can't even trust them! It's bullshit!

These contact lists kinda suck too. Back in the days when everyone used SMS and actually called each other with telephone numbers, they made sense, but now, everyone outside of North America uses various non-interoperable messaging/chat apps to communicate with their friends and family and the contacts don't integrate with these at all.

It's worse than going backwards. A real rolodex never sent out your personal information. A primate home computer didn't send anything.

This is what the Solid protocol tries to fix. https://solidproject.org/

Not an apple fan, but this change is a move in the right direction.

Part of the reason I use Graphene is exactly this kind of control.

https://grapheneos.org/usage#contact-scopes


Finally.

Much wining from spam-oriented "social app" operators. World's smallest violin plays.


A lot of the comments are about spamming your contacts, but I assume the common reason is to connect you with people you already know - if a phone number is in your address book, and that number is associated with an account, it can suggest that person to you as a friend.

Is there a better way to make that connection without exposing the actual number?


I don’t want suggestions. I’ve never needed suggestions on any social platforms I’ve been. I usually just ask my friends if they’re on it and what’s their handle.

I'd say by hashing but unfortunately the phone number space is too small. Maybe however Apple's Airdrop to contacts thing works? It's hashing with extra steps AFAIR.

Finally! WhatsApp forces you to share your address book or it won't run, so I've only ever used it on a burner phone when travelling (because it is essential in some countries). I wish Google would support this too.

Now we need location granularity permissions: None-Country-City-Locality-Precise, and the app shouldn't know which one it is getting.


I've had WhatsApp for years and while it does ask for contacts, it works just fine if you deny that permission.

Almost. You need a workaround for chatting with new numbers and can't add anyone to groups.

• New numbers: fortunately you can just type the number in.

• Adding to groups: Sharing an invite link is a good workaround, you need to be group admin though.


I don’t understand what part of this I am meant to be opposed to.

This is a step in the right direction. I’ve avoided making a Facebook account all these years due to them being at best a garbage company, and it really irritates me they were allowed to just slurp up my contact info because someone I knew clicked “allow” without my consent.

This is good given people sometimes glaze over and just opt-in.

Contact sharing is dangerous since you can easily reconstruct any individuals social graph (esp big tech), and are unintentionally giving access of your contacts to others.


Surely the specific use case could be achieved in some privacy respecting way?

For example, you could send hashes of the user's contacts, they could be compared to each other, but not reverse engineered?


Maybe by iOS 28 we could also limit which contact fields apps have access to...

I gave Kevin some guff from his article re his reputation with chatbots, but this is remarkably evenhanded (perhaps overly so considering the other side are data-sucking creeptoids.) Just gonna repeat for the sake of Google that Nikita Bier is confirmed by the NYT to be a data-sucking creeptoid.

iOS has supported selective contacts since a long time, but companies that want to steal all your contact data don’t use it. Now it seems like they have no choice.

https://developer.apple.com/documentation/contactsui/cnconta...


Wait until they detect you have them partial access and lock the app until you broaden it.

See Google Photos: https://news.ycombinator.com/item?id=26472708


Does this mean you can now use apps like Truecaller without contributing to their database?

This was always possible to some degree - do not allow the access to either “spam blocking API” or contacts. You wont get “live” caller id, but you can check it later in the app.

iOS18 finally does what should have been done all along: ability to tell the app it has access to contacts while not actually giving it access to the entire list.

Let me clear: fuck any app that demands to slurp up all my contacts and purposefully makes it hard to use it without allowing that (looking at you, WhatApp), and any developer who does it. If this is the end of the world for them, good riddance!


>iOS18 finally does what should have been done all along: ability to tell the app it has access to contacts while not actually giving it access to the entire list.

This seems like a mis-feature to me. iOS shouldn't be lying to apps like this. If an app shouldn't have access to all your contacts (which it shouldn't), then why is Apple approving such an app in the first place? I thought the whole selling point for iOS was the strictly controlled and curated app store.


It should definitely by lying like this, because that information routinely gets abused to force you into just giving full access.

Apple could totally be more strict with the App Store, and eliminate contact-stealing malware such as:

- Instagram

- WhatsApp

- FB Messenger

- should I go on?


Example: WhatsApp needs to show a name for a given number who messaged you. It might be in your contacts. So you need an api to look up a contact by number. Or you want to send a message and want to send to a contact, so you need at least an api to pick a contact. The latter is easy. The former is harder. Phone numbers are slow. Enumerating the space to leak your entire contacts list is trivial. Thus a lookup by number api cannot be. And thus instead we end up with "share partial contact list" as the best case, IMHO

please, please let them do fake location next

What feature is this? Sounds great.

In iOS 18 you can allow apps access to only some contacts instead of the entire contact book.

This makes sense. I don't want apps to know who my doctor is, especially considering many apps share this data with others (including, in some cases, governments).

https://support.apple.com/guide/iphone/control-access-to-con...


I haven't allowed any mobile app permissions to access my contact list since the option became available to selectively disallow permissions on iOS.

Why would I subject my friends to extra spam/data mining? I never thought this was a good idea.


I’m honestly surprised to see this quality of writing at NYT. Clickbaity headline, ragebaity angle to the story. Of course it’s good to give more options to consumers!

In all honesty, I don’t think many people will select a handful of contacts to share with apps. They’re just gonna share all and that’s it. People don’t have the time nor energy to think and select what contacts to share among hundreds in their address book. It’s such a hassle!


The new social apps will just need to hijack the contact lists of the old social apps. Anyway, this has already been happening — it’s not just phone contacts that products use to bootstrap their network.

Apple killed new social apps. What's the value of a social graph nowadays? Most of the big social media platforms like instagram and facebook that used to present you content based on your friends, now present general content from anyone a la tiktok, and users like it better based on time spent on the app. People interact with their friends via messaging apps. It's not clear to me how a new social media app could use a social graph in a new interesting way.

At the same time, I can't help but think that this practice buys lock in for Apple in some way in the form of potentially new iphone features. And it's just veiled as a pro consumer privacy measure.

Time will tell.


> Most of the big social media platforms like instagram and facebook that used to present you content based on your friends, now present general content from anyone a la tiktok, and users like it better based on time spent on the app.

They now present you "content" based on the chances to trigger "engagement". And if you chomp on the bait you do end up spending more time in the app.

Has nothing to do with Apple though. More with profit.


Are these apps intended for use only by kids or do they fundamentally misunderstand what a contacts list is? Due to the enormous volume of spam sent to any person who has ever owned property or voted in the United States, the only real solution is never answer a phone call from an unknown number, and consequently put every business and contractor you ever expect to hear from into your contacts list. These are not actually my friends. Many of them are organizational numbers, many are numbers I have not called or been called from in 15 years, many of them likely long ago went out of service.

Remember when software just did what it said on the tin, and called it day? Now software is too often like the invited guest that proceeds to open your medicine cabinet, and then goes and roots around in the basement for something interesting. No, jackass, we just wanted you over for dinner and some conversation.

Same with these apps. “Boo hoo, we can’t root through your contacts anymore, it’s the Appocalypse!” No, jackass, no one ever said it was okay to dig through my contacts, quit acting so entitled.


About time. They better not let apps lock you out when you only allow 1 contact though, like it happens for photos (see Google Photos)

If that's what social apps need then I really really hope so.

This is a great feature and I’ve been wishing for it for a long time. While the growth hacker dooming is asinine, one legitimate complaint might be that if I have to pick individual contacts I might not remember to select every friend I could import; a nice intermediate solution would be to bring back “circles” aka folders so that I can with a single click grant apps access to all my friends but not by business contacts, say.

i wish we would stop sharing pay-walled content.

Oh boohoo. Poor devs.

The article is hyperbolic, and I can’t believe we’re in a situation where Apple is giving users more control and privacy and folks are complaining that their app won’t work. If your app relies on unmitigated access to personal contacts and users begrudgingly say yes then maybe you’re part of the problem.

> Now, some developers are worried that they may struggle to get new apps off the ground. Nikita Bier, a start-up founder and advisor who has created and sold several viral apps aimed at young people, has called the iOS 18 changes “the end of the world,” and said they could render new friend-based social apps “dead on arrival.”

Oh no! Now apps won't be able to suck up all your contacts and do god knows what with them, what a travesty! /s

Good riddance. Every time a social media app moans about an iOS/Android change I count it as a good thing.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: