UIDevice.name can inadvertently give access to the user's real name
| Originator: | insidegui | ||
| Number: | rdar://39474317 | Date Originated: | 04/16/2018 |
| Status: | Duplicate of 22474518 | Resolved: | |
| Product: | iOS | Product Version: | |
| Classification: | Suggestion | Reproducible: |
The default behavior for a new iOS installation is to name the device after the owner's real name, something like "Guilherme's iPhone". Since this information can be easily accessed by any code running on the device, it's trivially simple to gather the user's real name without their consent. I've seen many apps upload this information to the cloud and associate it with other data, making it so the data is not anonymous even though the user has not explicitly given their name to the app. I've even seen some users use their full name as the name of their device. Here are some suggestions as to how this could be improved: 1 - Change the default behavior as to not include the user's real name as the name of the device 2 - Require permission from the user before an app can use this API for the first time, as it's done for location, photo library, etc 3 - Make it very clear to the user that this information is accessible to apps and can be accessed without their explicit consent
Comments
Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at bugreport.apple.com before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!