Filed under: Security
Apple Feb. 15 vowed to require applications in its App Store that want users' address book data to get user approval. This is a response to an inquiry from two U.S. senators.
Apple (NASDAQ:AAPL) said any application that wants to access user contact data will require explicit user approval; this is a response to two senators' inquiries into the application data privacy problem that came to light with Path and other software makers.
Social network service Path and several other makers of iOS applications store users' address books on remote servers without users' explicit permission. Address books include full names, phone numbers and email addresses. After a week of silence on the subject, Apple has bowed to political pressure.
"Apps that collect or transmit a user's contact data without their prior permission are in violation of our guidelines," Apple claimed in a statement Feb. 15.
"We're working to make this even better for our customers, and as we have done with location services, any app wishing to access contact data will require explicit user approval in a future software release."
Apple did not specify when the future release would arrive to address the issue, which blew up after Apple iOS application developer Arun Thampi discovered Path's privacy issue a week ago.
Path CEO Dave Morin acknowledged the company uploads the address book to its servers to help users find and connect to their friends and family on Path quickly and notify users when friends and family join the service.
Morin apologized and vowed to roll out an upgrade to the company's iOS app that requires users to opt-in to share their address book with Path. Path also deleted the address book user data it had collected. The issue blew up broader when it was discovered the privacy issue wasn't limited to Path.
Thanks to an unusually less-than-stringent approach to privacy by Apple's iOS developer policies, iOS apps from Foursquare, Yelp, Twitter and others also were found to gather information from iPhone users' personal address books.
As privacy issues that drag on for days in the media tend to do, the Apple privacy issue finally caught the attention of lawmakers.
Energy and Commerce Committee Ranking Member Henry A. Waxman and Commerce, Manufacturing and Trade Subcommittee Ranking Member G. K. Butterfield Feb. 15 sent a letter to Apple CEO Tim Cook requesting more information about the company's privacy policies.
"There have been claims that the practice of collecting consumers' address book contacts without their permission is common and accepted among iOS app developers," Waxman and Butterfield wrote. "This raises questions of whether Apples iOS app developer policies and practices adequately protect consumer privacy."
The senators asked Cook to describe all iOS app guidelines that concern criteria related to the privacy and security of data that will be accessed or transmitted by an app and want to know how Apple determines whether an app meets those criteria.
Many Google (NASDAQ:GOOG) Android applications available in the Android Market also tap into users' address book data. However, Google's policy for developers is that every app must have a prompt for users to grant permission before they can install the app to their phones.