Wednesday, November 19, 2014

UPDATE: iOS app privacy

How does a Google or Microsoft iOS app know that I have other Google or Microsoft apps installed on my iOS device?  For example, if I download and install Chrome (after having, perhaps Google Maps installed and myself logged in), I am greeted with to offer to sign in - and Chrome already knows my Google ID.  Similarly, if I download Word, log-in, and then download Excel, Excel already knows my Microsoft ID.

This is surprising as it means the apps have access to both a list of my existing apps (I think this is okay but not ideal) as well as my user ID (huh?).  Is it possible for me to write an app that can: (i) determine a user's Google ID; and (ii) ask the user to log in and thus give me credentials?  (i) alone seems bad, (ii) is very bad.

Also, noting that I do not even need to provide a password to confirm to Chrome that I am myself, is there some serious security lapse here?

All very odd

UPDATE: Is this related?  It's not completely the same (as this seems narrower than knowing my Google ID and Microsoft ID).  But perhaps part of the same framework?

No comments: