Apple To Issue Fix Requiring Permission To Gather Contact Data
Apple Inc. released a statement on Wednesday regarding user contact data in iOS apps downloaded from the company’s official App Store, saying the apps should not collect contact data without permission, and pledging to issue a software update soon that to address the problem.
“Apps that collect or transmit a user’s contact data without their prior permission are in violation of our guidelines,” Apple spokesman Tom Neumayr told the website AllThingsD.
“We’re working to make this even better for our customers, and as we have done with location services, any app wishing to access contact data will require explicit user approval in a future software release.”
The statement coincides with allegations that the Path app for iPhone had been harvesting user information without proper consent.
Legislators have also stepped in on the matter, calling for more transparency from Apple.
House Energy and Commerce Committee Chairman Henry Waxman (D-CA) and Commerce Manufacturing and Trade Subcommittee Chair G.K. Butterfield (D-NC) wrote a letter this week to Apple CEO Tim Cook expressing their concern over the privacy issues with Path, suggesting that Apple’s iOS app developer policies may fall short of protecting customer data.
Waxman and Butterfield also sent a copy of the letter, which cited reports that Path was grabbing users’ address books and uploading them to its servers, to Path CEO Dave Morin.
After the allegations of Path’s app went viral, Morin issued a mea culpa, saying the company has since deleted the address books from its servers.
“We now understand that the way we had designed our ‘Add Friends’ feature was wrong,” Morin said on February 8.
“We are deeply sorry if you were uncomfortable with how our application used your phone contacts.”
In their letter to Cook, Waxman and Butterfield sought answers to nine questions, including one about Apple’s previous decision to require developers to disclose use of location data in their iOS apps.
“You have built into your devices the ability to turn off in one place the transmission of location information entirely or on an app-by-app basis,” the letter read.
“Please explain why you have not done the same for address book information.”
Apple’s iOS App Store guidelines forbid programs from “transmit[ting] data about a user without obtaining the user’s prior permission and providing the user with access to information about how and where the data will be used.”
The rules also prohibit apps “that require users to share personal information, such as email address and date of birth, in order to function.”
However, Apple had not updated those guidelines to specifically mention address books, although they have long banned apps that “do not notify and obtain user consent before collecting, transmitting, or using location data.”
When an application is submitted to the iTunes App Store, it goes through extensive testing to ensure it is of high enough quality for Apple to carry. However, Path’s situation is unique in that their initial version did pass the tests, but the subsequent version (2.0) opened the door for Path to gather user data without authorization from that user.
Apple’s statement today, along with its pledge to issue a software update addressing the issue, should help clarify its policy and put to rest concerns that the company’s apps are in violation of its terms.
—
On the Net: