Share

Related Stories

Top 5 Stories

News

Apple changes app policy after taking congressional heat

16 February 2012

Apple said it will require iPhone and iPad applications to seek explicit approval from users before accessing users’ address book data after receiving congressional heat over the issue.

The Apple announcement, reported by Reuters, came after two US representatives sent a letter to Apple CEO Tim Cook asking for information about its app review procedures. The move was in response to news that the Path social networking app, available on the iTunes Store, was downloading users’ address books without their consent.

In the letter, Reps. Henry Waxman (D-Calif.) and G.K. Butterfield (D-N.C.) asked Apple to provide detailed information about its policies regarding apps transmitting data, as well as the company's review policy to determine whether developers comply.

They sent the letter in response to a blog by Arun Thampi about his discovery that the Path social networking app had accessed and collected the contents of his iPhone address book without asking his permission.

"This incident raises questions about whether Apple’s iOS app developer policies and practices may fall short when it comes to protecting the information of iPhone users and their contacts", the representatives wrote.

The lawmakers cited a blog by Dustin Curtis, who wrote that “there’s a quiet understanding among many iOS app developers that it is acceptable to send a user’s entire address book, without their permission to remove servers and then store it for future reference.”

Curtis said he conducted a survey of developers of popular iOS apps and found that 13 of 15 had a "contacts database with millions of records" – with one claiming to have a database containing "Mark Zuckerberg's cell phone number, Larry Ellison's home phone number and Bill Gates ' cell phone number.”

The lawmakers gave Apple until Feb. 29 to respond to nine detailed questions about its iTunes Store app policies and procedures.

This article is featured in:
Application Security  •  Data Loss  •  Wireless and Mobile Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×