Privacy Nutrition Labels
For the past few months iOS has had a regression where contacts’ existing preferred phone number and mail address preferences are gone and can’t be set anymore. This means Siri now always asks back which number to call, even for contacts where the last 50 calls always went to the same number! And apparently I am not alone with this issue.
Apple does not always expose the entirety of their functionality within their built-in apps. For instance, HomeKit has certain automations that are only accessible programmatically via the HomeKit API, where you need to resort to 3rd-party apps for advanced setups. So I went to the App Store’s list of “Contact Manager” apps and unsurprisingly the vast majority didn’t have a Privacy Label yet. Go figure 😅. And of those that do have one, all except for a few don’t list that they access the Contacts (not even under the “App Functionality” section).
How can that be? How can an App that is called something like, for instance, “Contacts Transfer” even get through manual review with a “Data not Collected” label, when the first thing this app does on start (after urging you to accept their ToS) is to ask you to give them access to your contacts? And they even mention that they will upload them to their server to provide the service!
(I don’t have anything against this particular app, it merely serves as an example of the wider problem)
Hint @Apple: You are known for scanning the binaries for malicious code (and private API uses). Why don’t you cross-check the Privacy Labels against that? So that when an App contains the code to access the user’s Contacts and accidentally forgets to mention that in the Label → Reject it.
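A sketch of the cross-check suggested above, added here as an illustration and not taken from the original post or from any Apple tooling. It assumes the `Info.plist` purpose-string keys (such as `NSContactsUsageDescription`) are a good enough proxy for "contains the code to access Contacts", and that the declared label is available as a set of data-type names; the mapping table, the function names and the sample plist are all constructed.

```python
import plistlib

# Info.plist purpose-string keys mapped to privacy-label data types.
# The mapping and the label representation are assumptions for illustration.
USAGE_KEY_TO_LABEL = {
    "NSContactsUsageDescription": "Contacts",
    "NSLocationWhenInUseUsageDescription": "Location",
    "NSPhotoLibraryUsageDescription": "Photos or Videos",
}

# Constructed sample Info.plist for a hypothetical contact-manager app.
SAMPLE_INFO_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>CFBundleIdentifier</key>
    <string>com.example.contactstool</string>
    <key>NSContactsUsageDescription</key>
    <string>Needed to back up your contacts to our server.</string>
</dict>
</plist>
"""


def undeclared_data_types(info_plist_bytes, declared_label):
    """Return label data types the bundle can request but the label omits."""
    info = plistlib.loads(info_plist_bytes)
    requested = {label for key, label in USAGE_KEY_TO_LABEL.items() if key in info}
    return sorted(requested - set(declared_label))


def review_decision(info_plist_bytes, declared_label):
    """Reject when the bundle asks for data the label does not mention."""
    missing = undeclared_data_types(info_plist_bytes, declared_label)
    return ("reject", missing) if missing else ("pass", [])


if __name__ == "__main__":
    # An empty set stands for a "Data not Collected" label.
    print(review_decision(SAMPLE_INFO_PLIST, set()))
    print(review_decision(SAMPLE_INFO_PLIST, {"Contacts"}))
```

A purpose string only shows that the app can prompt for access, so a real check would also have to look at the binary itself, as the hint proposes.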