Apple to ban stealthy iPhone contact data harvesting
Promises update to iOS after Congress asks about apps that grab address book without permission
Computerworld - Shortly after two U.S. Congressmen asked Apple to answer questions about iPhone and iPad apps that snatch users' contact lists without permission, the Cupertino, Calif. company promised it will address the issue with a future software update.
Earlier today, Reps. Henry Waxman (D-Calif.) and G.K. Butterfield (D-N.C.) sent a letter to Apple CEO Tim Cook asking him about iOS apps that have harvested users' address book information without permission.
Waxman and Butterfield cited reports that Path, which sells an iOS online journal app, was grabbing users' address books and uploading them to its servers. After the allegations went viral, Path's CEO apologized and said the company deleted the collected address books from its servers.
"We now understand that the way we had designed our 'Add Friends' feature was wrong," acknowledged Path CEO Dave Morin in a Feb. 8 mea culpa. "We are deeply sorry if you were uncomfortable with how our application used your phone contacts."
In the letter to Cook, Waxman and Butterfield, who are the top Democrats on two House committees, asked, "Whether Apple's iOS app developer policies and practices may fall short when it comes to protecting the information of iPhone users and their contacts."
Waxman and Butterfield also sent a copy of the letter to Morin.
The legislators wanted answers to nine questions, including one about Apple's earlier decision to require developers to disclose use of location data in their iOS apps.
"You have built into your devices the ability to turn off in one place the transmission of location information entirely or on an app-by-app basis," their letter stated. "Please explain why you have not done the same for address book information."
In a statement issued to some media outlets, including the AllThingsD blog and the Reuters news service, Apple responded to that question.
"Apps that collect or transmit a user's contact data without their prior permission are in violation of our guidelines," an Apple spokesman told AllThingsD and Reuters. "We're working to make this even better for our customers, and as we have done with location services, any app wishing to access contact data will require explicit user approval in a future software release."
Apple did not immediately confirm the statement's accuracy.
In December, Apple reacted to controversy that third-party software was surreptitiously collecting a glut of information from iPhone users by promising it would provide an iOS update to remove the Carrier IQ code from all its smartphones.
At the time, a company spokeswoman said, "With any diagnostic data sent to Apple, customers must actively opt-in to share this information."
Apple's iOS App Store guidelines forbid programs from "transmit[ting] data about a user without obtaining the user's prior permission and providing the user with access to information about how and where the data will be used."
Those rules also ban apps "that require users to share personal information, such as email address and date of birth, in order to function."
Apple has not updated those guidelines to specifically mention address books, although they have long prohibited apps that "do not notify and obtain user consent before collecting, transmitting, or using location data."
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed . His e-mail address is firstname.lastname@example.org.
- Heartbleed flaw affects mobile apps, too
- Microsoft gets strategic with its Enterprise Mobility Suite
- Apple slates WWDC for June 2-6, sets up ticket lottery
- Nadella to Cook on Office revenue sharing: Drop dead
- Update: Microsoft unveils Office for iPad
- iOS tops Android for Web browsing in U.S. and other developed nations
- Apple ships iOS 7.1 with CarPlay support, home screen crash fix
- Apple to fix iOS 7 crash bug
- Apple rang up $10B in app sales in 2013
- Balky browsers tick off tablet owners
Read more about Privacy in Computerworld's Privacy Topic Center.
- Path Selection Infographic Path Selection Infographic
- Hyperconvergence Infographic A wide range of observers agree that data centers are now entering an era of "hyperconvergence" that will raise network traffic levels faster...
- Preparing Your Infrastructure for the Hyperconvergence Era From cloud computing and virtualization to mobility and unified communications, an array of innovative technologies is transforming today's data centers.
- How WAN Optimization Helps Enterprises Reduce Costs If you wanted to break down innovation into a tidy equation, it might go something like this: Technology + Connectivity = Productivity. Productivity...
- Data Protection and Disaster Recovery with iSCSI and VMware Get this on demand webcast now
- Cloud Knowledge Vault Learn how your organization can benefit from the scalability, flexibility, and performance that the cloud offers through the short videos and other resources... All Privacy White Papers | Webcasts
Our new weekly Consumerization of IT newsletter covers a wide range of trends including BYOD, smartphones, tablets, MDM, cloud, social and what it all means for IT. Subscribe now and stay up to date!