CNContactViewController saves all contacts to the user's address book
| Originator: | raylillywhite | ||
| Number: | rdar://24855256 | Date Originated: | 26-Feb-2016 00:16 AM |
| Status: | Open | Resolved: | |
| Product: | iOS SDK | Product Version: | 9.2.1 |
| Classification: | Serious Bug | Reproducible: | Always |
Summary: CNContactViewContorller's documentation states that if the contactStore property isn't set, then "adding the contact to the user's contacts is disabled." However, there seems to be nothing that you can do to prevent CNContactViewController from saving a contact that it edits to the user's address book. This is a major problem for apps that intend to securely keep & modify contacts separately from the users address book (such as medical apps that may hold patient health information). Steps to Reproduce: Present a contact view controller with a contact that isn't from the user's address book: ```swift let contact = CNMutableContact() contact.givenName = "Private" contact.familyName = "Information" let vc = CNContactViewController(forContact: contact) let nav = UINavigationController(rootViewController: vc) self.presentViewController(nav, animated: true, completion: nil) ``` Press "Edit" Press "Done" Go to the address book, and you'll see an entry for "Private Information" Expected Results: That the entry is not in the address book, as documented. Or that contactStore has a non-nil value by default, that can be cleared to prevent storing the contact in the address book. Actual Results: The contact is saved to the address book, potentially violating privacy and security.
Comments
Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at bugreport.apple.com before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!