Apple’s Address Book app doesn’t encrypt your contact lists when it syncs with Google or Gmail, and sends those lists in plain text over wifi whenever it updates, according to Ars Technica and The Washington Post.
That’s why it is so easy for the NSA to snoop through your email contacts, Ars Technica explains. Anyone monitoring a wifi connection can just read Apple users’ email addresses in plain English as they go by. It looks like this:
Apple’s Address Book app pings Google for new email contacts about once an hour, Ars Technica says:
… the NSA’s Special Source Operations branch collected 444,743 e-mail address books from Yahoo, 105,068 from Hotmail, 82,857 from Facebook, and 33,697 from Gmail during a single day last year. The comparatively low number of contact lists acquired from Gmail is noteworthy considering it is among the most widely used online e-mail services. A key contributor to that low rate is almost certainly Google’s default use of HTTPS to encrypt e-mail traffic.