• by Wendy Davis  @wendyndavis, March 25, 2015

Apple will have to face a privacy lawsuit by a group of iPhone users who say the company enabled developers to access people's address books without their permission, a judge has ruled.

A dozen app developers -- including Yelp, Path, Twitter and Instagram -- also must face litigation in the matter, U.S. District Court Judge Jon Tigar in the Northern District of California said in a ruling issued this week.

The court battle stems from allegations in 2012 that mobile social networks Path and Hipster accessed and downloaded users' address books without their knowledge. The allegations against Path resulted in charges by the Federal Trade Commission, which the company settled by agreeing to create a comprehensive privacy policy.

Soon after reports about Path and Hipster surfaced, observers accused other mobile companies -- including Twitter, Yelp, and Foodspotting -- of downloading and storing users' address books. Unlike Path, those other companies reportedly asked people for permission to access their address books, in order to help them connect with friends who also used the service. But Twitter, Yelp and the other developers allegedly didn't specify that they would store the data.

iPhone user Marc Opperman, and a group of other consumers, allege in their potential class-action lawsuit that Apple's marketing materials -- including ads, blog posts and corporate statements -- misled consumers into believing that iPhones and iPads would keep personal data secure.

Apple argued that the matter should be dismissed before trial for several reasons, including that the consumers didn't provide specifics about the ads and corporate statements they saw.

But Tigar wrote in a 34-page opinion that the consumers alleged enough facts to justify further proceedings.

“The majority of plaintiffs have averred that they viewed the alleged campaign prior to their purchase of their iDevices,” he wrote. “The exact dates of viewing are less relevant than is the fact that plaintiffs viewed the campaign before they purchased their iDevices -- the implication being that they, therefore, relied on the campaign in choosing their purchases.”

Opperman and the consumers also argue that Apple is responsible for the alleged privacy violations because its application program interface permitted apps to access address book data, and that Apple controlled the development of apps through its App Store.

Apple argued that it withdrew apps from the App Store upon learning that they accessed data without consumers' consent.

Tigar said in the decision that he didn't yet have enough facts to rule on allegations that Apple “aided and abetted” the app developers.

Tigar also rejected developers' requests to dismiss invasion of privacy allegations. The developers (except for Path) argued that the consumers didn't have an expectation of privacy in their address books, because they used the apps' friend-finder features.

But Tigar said that even if people knew the service would scan their address books, they didn't necessarily know that the data would be used in “other, unauthorized ways.”

“Plaintiffs allege not only that app defendants accessed their address book information and used it to 'Find Friends,' but that the Apps also uploaded, misused, and/or misappropriated that data,” he wrote. “To the extent that apps used plaintiffs’ information for something other than purely 'Finding Friends,' plaintiffs retained a reasonable expectation of privacy in that information.”

The developers currently facing suit in the case include Twitter, Foodspotting, Yelp, Foursquare Labs, Chillingo, Electronic Arts Inc, Rovio Mobile Oy, ZeptoLab UK, Gowalla, Instagram, Kik Interactive and Path.