Apple responds to contact controversy, but Congress still wants answers

A week ago, a blogger in Singapore broke the story that iPhone app Path backs up a user’s entire address book – names, email addresses, phone numbers, and all – to its servers without asking for permission. Path quickly explained that this was done to make it easier to discover your friends using the app, apologized for not seeking permission, and deleted all user data to atone for the mistake.

But Path’s prompt response didn’t stop a few key questions from being asked. What other apps are uploading user data, and why doesn’t Apple require that developers ask a user’s permission before allowing apps to access contact data?

That’s the same question being asked by two U.S. Congressmen. House Representatives Henry Waxman, California, and G.K. Butterfield, North Carolina, have sent a letter to Apple seeking clarification on its privacy guidelines. The Democratic congressmen want to know why apps like Path and many more have been permitted to grab a user’s address book without permission, despite guidelines that say developers need that permission to “transmit data about a user.” Surely the contact information of everyone an iPhone owner knows should quality as data about a user.

It’s especially peculiar when one considers Apple’s history with app management. Apple has often been accused of being overbearing in the policies it implements for developers trying to get into the App Store. Every app and subsequent update is reviewed before it is permitted into the app store, so it doesn’t make sense for apps to be able to access the address book in this manner. Moreover, Apple requires that users grant explicit permission for apps to access their location information, so why not do the same for something equally as sensitive as an address book?

According to Apple spokesman Tom Neumayr, that is on the way. Speaking to AllThingsD, Neumayr said

Apps that collect or transmit a user’s contact data without their prior permission are in violation of our guidelines. We’re working to make this even better for our customers, and as we have done with location services, any app wishing to access contact data will require explicit user approval in a future software release.

Exactly when that will take place remains unclear. For now, Congress wants answers and users want to know who else is using their data. Apps confirmed to access data include big names like Facebook, Foodspotting, Foursquare, Twitter, and Yelp. Some apps do ask for permission to access data for to find your friends, but not all state that they will upload and store that information. In light of this controversy, many apps are wisely adjusting their terms and being upfront when asking for user data.

And just in case Apple and app developers are unclear, “user data” includes the names and numbers of all our friends.

Source: DCurti.s