| Apple: Access to Contacts Will Require Explicit Permission |
| Wednesday, 15 February 2012 09:10 |
|
The recent controversy began after an OS X developer discovered Path had been storing users' contact lists. While Path CEO Dave Morin quickly apologized, other apps such as Twitter, Foursquare and Yelp came forward to state they planned to change their mobile permission settings.

Apple's response comes on the heels of an inquiry from the U.S. government. Two members of Congress wrote a letter to Apple CEO Tim Cook Wednesday, expressing concern that app developers are accessing and storing data without obtaining user permission. Reps. Henry Waxman and G.K. Butterfield, both ranking members on the subcommittee on commerce, manufacturing and trade, asked Cook to examine the steps required to get data stored on users' phones.

Here's the complete text of the letter:

Dear Mr. Cook:

Last week, independent iOS app developer Arun Thampi blogged about his discovery that the social networking app “Path” was accessing and collecting the contents of his iPhone address book without ever having asked for his consent. The information taken without his permission – or that of the individual contacts who own that information – included full names, phone numbers, and email addresses. Following media coverage of Mr. Thampi’s discovery, Path’s Co-Founder and CEO Dave Morin quickly apologized, promised to delete from Path’s servers all data it had taken from its users’ address books, and announced the release of a new version of Path that would prompt users to opt in to sharing their address book contacts.

This incident raises questions about whether Apple’s iOS app developer policies and practices may fall short when it comes to protecting the information of iPhone users and their contacts.

The data management section of your iOS developer website states: “iOS has a comprehensive collection of tools and frameworks for storing, accessing, and sharing data. . . . iOS apps even have access to a device’s global data such as contacts in the Address Book, and photos in the Photo Library.”

The app store review guidelines section states: “We review every app on the App Store based on a set of technical, content, and design criteria. This review criteria is now available to you in the App Store Review Guidelines.” This same section indicates that the guidelines are available only to registered members of the iOS Developer Program. However, tech blogs following the Path controversy indicate that the iOS App Guidelines require apps to get a user’s permission before “transmit[ting] data about a user”.

In spite of this guidance, claims have been made that “there’s a quiet understanding among many iOS app developers that it is acceptable to send a user’s entire address book, without their permission, to remote servers and then store it for future reference. It’s common practice, and many companies likely have your address book stored in their database.”[8] One blogger claims to have conducted a survey of developers of popular iOS apps and found that 13 of 15 had a “contacts database with millions of records” – with one claiming to have a database containing “Mark Zuckerberg's cell phone number, Larry Ellison’s home phone number and Bill Gates’ cell phone number.”

The fact that the previous version of Path was able to gain approval for distribution through the Apple iTunes Store despite taking the contents of users’ address books without their permission suggests that there could be some truth to these claims.

To more fully understand and assess these claims, we are requesting that you respond to the following questions:

Sincerely,
Henry A. Waxman, Ranking Member, Subcommittee on Commerce, Manufacturing, and Trade

cc: Dave Morin, Path, Co-Founder and CEO

This story originally published on Mashable here. |











