iPhone App Access to Contacts
February 24, 2011 1:01 PM Subscribe
iPhone security question: My employer is considering allowing the use of iPhones (and possibly Android phones) in place of our traditional Blackberries, but is concerned about ensuring security of our confidential information. We already know how to turn off the ability of apps to access location data on the iPhone, but I'm also looking for a way to prevent apps from accessing the contact list. Perhaps my GoogleFu is failing me--is there an easy (or not so easy) way to do this?
Response by poster: I understand that our IT folks did an internal trial of Good, and there were some issues that were preventing adoption. I may have to check on that again, though.
posted by monju_bosatsu at 1:21 PM on February 24, 2011
posted by monju_bosatsu at 1:21 PM on February 24, 2011
Best answer: I don't think it is possible via iOS, if your users are using the device address book.
If you're currently using Exchange for your RIM devices, you could enforce a data encryption / passcode policy, as well as perform remote wipes of lost iOS devices, but when the device is used, any app has access to device-wide address book sources (local, LDAP, Exchange GAL, etc.) through the iOS API. I can't find information on Exchange policies that would prevent contact list access, but that's not saying it doesn't exist.
When an app accesses the address book, I do not think the user gets notification. It's a bit of a glaring hole in the usual notification procedure that iOS uses for asking users about confirming access to location and other device services. Maybe it will be a feature that gets looked at for iOS 5.
You might visit the IT Security stackexchange site for advice on iOS and Android, as well.
posted by Blazecock Pileon at 1:40 PM on February 24, 2011 [1 favorite]
If you're currently using Exchange for your RIM devices, you could enforce a data encryption / passcode policy, as well as perform remote wipes of lost iOS devices, but when the device is used, any app has access to device-wide address book sources (local, LDAP, Exchange GAL, etc.) through the iOS API. I can't find information on Exchange policies that would prevent contact list access, but that's not saying it doesn't exist.
When an app accesses the address book, I do not think the user gets notification. It's a bit of a glaring hole in the usual notification procedure that iOS uses for asking users about confirming access to location and other device services. Maybe it will be a feature that gets looked at for iOS 5.
You might visit the IT Security stackexchange site for advice on iOS and Android, as well.
posted by Blazecock Pileon at 1:40 PM on February 24, 2011 [1 favorite]
Best answer: Other players with unified mobile solutions to ask: Mobile Iron (1000s of licenses and up only) and McAfee EMM.
posted by benzenedream at 4:53 PM on February 24, 2011
posted by benzenedream at 4:53 PM on February 24, 2011
All props to iPhones, but they aren't really known for being particularly great at the standard business communication game. Frankly, I would go digging to see what Apple says about this use of them: what they claim, promise or deny about confidentiality and all of that. If they have nothing to say, I would not be comfortable relying on some app to be able to reign in the iOS propensities.
posted by gjc at 5:46 PM on February 24, 2011
posted by gjc at 5:46 PM on February 24, 2011
The (rather large) financial services company I work for is going with Good too. I don't know a lot about it, other than that apparently it solves their security concerns, which are basically the same as you stated.
posted by Diag at 6:32 PM on February 24, 2011
posted by Diag at 6:32 PM on February 24, 2011
Response by poster: Thanks folks, sadly it looks like there is no good native solution at this point. Hopefully iOS 5 will change that, but in the meantime, it looks like we're stuck working with something like Good or Mobile Iron.
posted by monju_bosatsu at 7:42 AM on February 25, 2011
posted by monju_bosatsu at 7:42 AM on February 25, 2011
This thread is closed to new comments.
posted by iamabot at 1:16 PM on February 24, 2011