Quote:
Originally Posted by murraypaul
Yep, a welcomed change that will at least allow you to recognise apps that are trying to access data they have no business touching.
I doubt it would have helped avoid the LinkedIn issue though, since people would have granted contact access thinking it's only sending name/email for matching purposes whilst it was transferring everything behind the scenes.
I do wonder why they didn't pre-process the contact info on the iPhone and only send hashes of names/emails back to their servers. That way any email address/contact who is not a member of LinkedIn would not have their details exposed to LinkedIn, yet those hashes could be compared against their current member list to find matches. Not that it's perfect nor secure by any means.
If they wanted to do it properly though they'd implement some form of secure computation such as garbled circuits. Considering they didn't hash/salt their password db though, security wasn't their highest priority :P
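
The hash-and-compare matching described in the post above, as an added example that is not part of the original post and is not LinkedIn's code. SHA-256, the function names and the sample address book are assumptions made here; the last function shows the limitation the post alludes to, which is that whoever holds the digests can confirm any address they can guess.

```python
import hashlib

def normalize(email: str) -> str:
    # Trim and lowercase so phone and server hash identical bytes.
    return email.strip().lower()

def digest(email: str) -> str:
    # Unsalted SHA-256 (assumed; the post names no hash function).
    return hashlib.sha256(normalize(email).encode("utf-8")).hexdigest()

def client_upload(address_book):
    """What leaves the phone: digests only, no names, numbers or raw addresses."""
    return sorted({digest(c["email"]) for c in address_book if c.get("email")})

def server_match(uploaded, member_emails):
    """Server compares uploaded digests with digests of its own member list."""
    index = {digest(m): normalize(m) for m in member_emails}
    return sorted(index[h] for h in uploaded if h in index)

def server_can_confirm(uploaded, guessed_email):
    """Limitation: a holder of the digests can test any guessed address,
    so a non-member's address is hidden only while nobody guesses it."""
    return digest(guessed_email) in set(uploaded)

# Constructed sample data, not taken from any real address book.
ADDRESS_BOOK = [
    {"name": "Alice Example", "email": " Alice@Example.com ", "phone": "555-0100"},
    {"name": "Bob Example", "email": "bob@example.org", "phone": "555-0101"},
    {"name": "No Email", "phone": "555-0102"},
]
MEMBERS = ["alice@example.com", "carol@example.net"]

if __name__ == "__main__":
    uploaded = client_upload(ADDRESS_BOOK)
    print("uploaded digests:", len(uploaded))
    print("matched members:", server_match(uploaded, MEMBERS))
    print("non-member confirmable by guess:",
          server_can_confirm(uploaded, "bob@example.org"))
```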