With recent security flaws found in both the iPhone (s aapl) and Android (s goog) platforms, and the numerous iPhone apps which can scan your address book, your private and confidential contact information is at risk. With both the iPhone and Mac address book syncing to Google or MobileMe, your address book data can be hacked without access to your actual phone. It’s time to think twice about what you store in your address book.
This is especially important if you, like many people, store information like credit card numbers and passwords in the address book. Ideally this private information is stored in a separate app on your iPhone such as one of these Weldon reviewed. However, not everyone is going to do that, and I have a possible compromise for those who want to store sensitive information in their address book.
The basic technique is to hide the sensitive data in plain sight, as part of what looks like just another ordinary contact. While it sure makes life easier to store your American Express card number under “American Express,” it also makes it easier for a criminal. If you absolutely need to store a credit card number, don’t be so obvious about it!
For credit cards, I suggest filing under a false name that only you know such as “Dave AX Smith.” Then use your own scheme of hiding the number as a combination of the street address and phone number, possibly across multiple contacts. I’m not going to tell you my exact strategy for storing this information, but it’s something I know and use for multiple credit cards. In this example, it’s an American express card with a number of 123456789012345 with an expiration of 09/12.
Here’s the way the card looks. It would be very unlikely someone browsing the address book could figure out it is a credit card.
A variation of this scheme can be used for passwords to websites or other sensitive information. If you think your address book is private, it’s time to get over that fallacy and take steps to protect the data within. While you may not choose my exact method, please be aware of the risks your address book is subject to and come up with some way of obscuring the data. If you don’t want to use a separate app for storing sensitive information, that’s fine, but I’d suggest you consider this middle ground.