Apple and Path go under the congressional microscope over privacy leaks [Updated]

Just how private is your iPhone's address book? That's exactly the question that the U.S. government is asking Apple in light of news that a number of apps are harvesting names, numbers, and email address from your phone's address book and uploading them to private servers, often without your permission.

A number of apps such as Facebook and Twitter use your address book to help you find your friends and get you started with the app. Typically, this happens only with your explicit permission. But Path, a major social networking app, was storing users' private address book data on its own servers, all while saying that they weren't. Even more worrisome, other apps transmit your address book information unsecurely in plain, unencrypted text. That's a major breach of trust, and a real privacy hazard.

Path has apologized, saying that they'll be deleting the stored data. That's all well and good, but Congress wants to know whether a situation like Pathgate could happen again.

In a letter to Apple CEO Tim Cook, Reps. Henry Waxman (D-CA) and G.K. Butterfield (D-NC), ranking members of the House Subcommittee on Commerce, Manufacturing, and Trade write: "It's common practice, and many companies likely have your address book stored in their database.' One blogger claims to have conducted a survey of developers of popular iOS apps and found that 13 of 15 had a 'contacts database with millions of records' – with one claiming to have a database containing 'Mark Zuckerberg's cell phone number, Larry Ellison's home phone number and Bill Gates' cell phone number.'

"The fact that the previous version of Path was able to gain approval for distribution through the Apple iTunes Store despite taking the contents of users’ address books without their permission suggests that there could be some truth to these claims."

To understand the breadth of the problem, Congress is demanding Apple turn over information about the number of iOS apps that transmit "data about a user" and how many do so without user's consent. The Subcommittee also wants to know what Apple does to protect users' "privacy and security interests," and why Apple allows third-party apps such as Path to access to your address book without being required to ask for your permission.

The government has given Apple until February 29 to respond to the letter. But for their part, Apple isn't waiting. The company explained today that apps which transmit a user's contact data without permission are in violation of Apple guidelines. The computing giant is working on a software update that will require "explicit user approval" for apps to transmit address book info.

(Source)

Leave a comment