A change in iOS 13 blocks third-party applications from accessing the Notes field in the Contacts app. This is because many people have the bad habit of storing confidential information in this field, forgetting that they then give mapping, social networking and other types of apps access to all their Contacts data.
The change isn’t Apple fixing a security hole the company itself introduced. Instead, iPhone and iPad are compensating for users storing personal information insecurely.
Contacts is bad place to put private info
Here’s a typical scenario: along with listing their their parents’ address in Contacts, someone stores the code for Mom and Dad’s security system in the Notes field. It’s a convenient place to put this — when they need this address they also often need the security code too.
At some later date, this person gives Google’s Waze access to their Contacts data so this navigation app can easily route them to their friends’ houses. What they don’t consider is that they’ve also just given Google their parent’s security code.
Or maybe it’s a parent storing their child’s Social Security number in Contact’s Notes field. Or passwords. Or any other kind of private information.
And there are plenty of apps that ask for access to user’s address books. Facebook frequently requests this information, for example. Under iOS 12 and before, all these apps can read everything in the address book database, including the Notes field.
Fixing a bad user habit
The Contacts application is not intended to store confidential information. iOS is designed to allow users to give third-party apps access to it. But sometimes it gets used for that task anyway.
So Apple is tweaking iOS 13 so third-party apps can’t access notes stored in Contacts. This won’t affect access to the other information.