The iPhone address debacle, which began with the revelation that Path uploads users’ iOS address books, and continued today with the revelation that Twitter also uploads and stores your iPhone contacts, has come to close with Apple announcing that users will need to grant permissions to apps to access certain personal information.

Rob Beschizza at BoingBoing sums up the need for this sort of privacy control:

“But like I said at the beginning of this, normal people don’t care.”

Normal people, in this view, don’t care what it’s like to be a queer kid in a rural town, or a single woman seeking abortion advice in the South, or a silent victim of abuse or illness anonymously searching for kindred spirits. Such people, whose address books might expose embarrassing or even dangerous secrets, are abnormal.

It can be difficult to imagine how privacy failures could harm people totally unlike oneself. But it’s another thing entirely to assume that they’re undeserving of consideration, or to regard their advocates as Toohey-like ethical jobsworths out to cut down your journalistic subjects’ entrepreneurial spirit.

But I fear this is just going to lead iOS users to the same problem Android users (myself included) have: permissions blindness. The real problem is that you can’t selective choice what permissions an app gets: it’s all or nothing. If you want to use an app, you have accept its terms of agreement, and give it access to whatever it asks for.

At Strata Summit last year Cory Doctorow presented an alternative vision: one in which you can use any app you like, and selectively disable certain permissions for the app. No more all or none decisions. Doctorow explains that Cyanogen Mod, a popular custom version of Android, gives users the ability to upload fake location data to apps that require location awareness permissions.

The idea of being able to selectively reject aspects of terms of service has been around since at least 2006, when Doc Searls and company first started talking about Vendor Relationship Management. It seems like the has come up about once a year ever since, and each time we hope that this year will finally be the year that VRM becomes a widespread reality.

If it happens, it wouldn’t be a moment too soon. We’ve seen enough examples already in which human error and a lack of emphasis on security on the part of application developers has lead to a security flaws. IT has enough to worry about as more employees use tools like Dropbox to share data without also having to worry about the terms of service of such applications also allowing an app to transmit and store sensitive information.