At WWDC this week, Apple announced that iOS 13 will block developers from accessing data from the “Notes” field of the Contacts app. TechCrunch explains that this is because of a user habit where they store sensitive information in that Notes field.
The report notes that many iPhone users adopted the Notes section of the Contacts app as a makeshift address book and password manager. Security professionals have warned against this practice, but the user habit has been hard to break.
Yet, people continued to use their Address Book as a makeshift password manager. Or they would enter in a variety of other private information into the Notes field in Contacts. Perhaps they’d note their ATM pin code, the door code for their home, a vault code, a social security number, credit card information, and more. They may also have written down private notes about a person that they wouldn’t want shared.
In past versions of iOS, when developers requested access to the Contacts application, they would receive all of the data from the Notes field. Now, however, Apple is blocking developers from accessing the Notes data in Contacts over the aforementioned security concerns:
Apple is closing a loophole that allowed app developers to access users’ potentially sensitive and private data. With the launch of iOS 13, apps that request access to users’ Contacts will no longer be able to read the data in the “Notes” field of those address book entries.
The Notes field, Apple said, could include potentially sensitive details like sneaky comments about the boss. In reality, many users’ Notes field may have contained much worse than that.
Apple pointed out that most apps have no need for this data in the first place. If a developer actually needs it, however, they will be able to file a request for an exception to the new rule.