Congress Weighs in on iOS Apps Collecting Address Book and Other Personal Data

path address bookLast week, controversy erupted when it was discovered that the popular iOS app Path was uploading users' entire address books to the company's servers without alerting users or asking for authorization. While Path quickly deleted all address book data on its servers and updated its app to make the data collection an opt-in service, the issue has cast a fresh light on user privacy issues on iOS.

As noted by The Next Web, U.S. Congressmen Henry Waxman and G.K. Butterfield have now weighed on in the issue, sending a letter to Apple requesting information on the company's data collection policies it imposes on App Store developers.

In a letter to Apple CEO Tim Cook, the legislators state:

"This incident raises questions about whether Apple’s iOS app developer policies and practices may fall short when it comes to protecting the information of iPhone users and their contacts."

Butterfield and Waxman then quote parts of Apple’s iOS developer website which states that Apple provides a comprehensive collection of tools and frameworks for storing, accessing and sharing data. It is then questioned whether Apple requires apps to request user permission before transmitting data about a user.

Butterfield and Waxman have requested that Apple provide answers to a series of questions by February 29, with the topics including Apple's definition of user data, how the App Store review process assesses compliance with guidelines on privacy, and data on how many apps transmit "data about a user" in general and address book data in particular. The Congressmen have also asked Apple to explain why it has not instituted a simple toggle setting for address book sharing as it has for location information.

It is not terribly unusual for Congress to request information from companies when issues related to consumer protection and privacy arise, and Apple was subject to a similar process when questions about location information arose last year. In that case, Senator Al Franken contacted Apple with questions about the company's policies, with executives from Apple and Google later testifying in a Senate hearing on the matter.

Popular Stories

Apple Glass

Apple Smart Glasses: Everything We Know So Far

Wednesday May 21, 2025 8:21 am PDT by
Google made waves yesterday by showcasing a set of lightweight smart glasses featuring deep Gemini integration and an optional in-lens display. The demo has reignited interest in Apple's own smart glasses project, which has been the subject of rumors for nearly a decade. Here's a recap of where things stand. Current Development Status Apple is actively working on new chips specifically...
iPhone 17 Air Pastel Feature

iPhone 17 Air Battery Capacity and Weight Allegedly Revealed

Monday May 19, 2025 2:22 am PDT by
Apple is expected to launch an all-new ultra-thin iPhone 17 Air later this year, and while there have been plenty of rumors about the camera's overall design and thinness, we haven't heard any details about the device's weight and battery capacity until now. According to the leaker going by the account name "yeux1122" on the Korean-langauge Naver blog, the 6.6-inch iPhone 17 Air has a weight ...
Apple CarPlay Ultra instrument cluster themes 01

Apple's CarPlay Ultra Is Here – Does Your iPhone Support It?

Thursday May 15, 2025 5:17 am PDT by
Apple's recently announced CarPlay Ultra promises a deeply integrated in-car experience, but not all iPhone users will be able to take advantage of the new feature. According to Apple's press release, CarPlay Ultra requires an iPhone 12 or later running iOS 18.5 or later. This means if you're using an iPhone 11, iPhone XR, or any older model, you'll need to upgrade your device to access...
WWDC 2025 Banner

Apple Announces WWDC 2025 Schedule, Including Keynote Time

Tuesday May 20, 2025 8:13 am PDT by
Apple today announced a more detailed schedule for its annual developers conference WWDC, which runs from June 9 through June 13. The schedule confirms that Apple's keynote will begin on Monday, June 9 at 10 a.m. Pacific Time, with a live stream to be available on Apple.com, in the Apple TV app, and on YouTube. During the keynote, Apple is expected to announce iOS 19, iPadOS 19, macOS 16,...
macOS 16 visionOS Inspired Feature 1

macOS 16: Everything We Know So Far

Tuesday May 20, 2025 7:31 am PDT by
The Worldwide Developers Conference (WWDC), Apple's annual developer and software-oriented event, is less than three weeks away. We haven't heard a great deal about macOS 16 ahead of its announcement this year, so we could be in for some major surprises when June 9 rolls around. Here's what we know so far about the next major update to Apple's Mac operating system. macOS 16 Name? Every year ...
maxresdefault

OpenAI Buys Jony Ive's AI Startup to 'Completely Reimagine What It Means to Use a Computer'

Wednesday May 21, 2025 10:27 am PDT by
OpenAI is acquiring io, the hardware-based AI startup co-created by Jony Ive, OpenAI announced today. Ive has been working with OpenAI CEO Sam Altman on io for two years, and the duo expects to develop a family of AI devices. In a video shared by OpenAI, Altman and Ive outlined their partnership and what they expect to create as a result of the merger. "I have a growing sense that everything ...
Apple CarPlay Ultra instrument cluster themes 01

Apple's 'CarPlay Ultra' Experience Now Available

Thursday May 15, 2025 5:07 am PDT by
Apple today announced that its next-generation CarPlay experience, now dubbed "CarPlay Ultra" begins rolling out today, starting with Aston Martin vehicles. Subscribe to the MacRumors YouTube channel for more videos. CarPlay Ultra is now available with new Aston Martin vehicle orders in the U.S. and Canada. It will also be available for existing models that feature the brand's next-generation ...

Top Rated Comments

ChazUK Avatar
173 months ago
This whole fisaco is why I like to see a list of permissions before installing an app, ala WP7/Android.
Flashlight app wants full internet access, location and contacts? No install for you!

Example:
Score: 17 Votes (Like | Disagree)
gnasher729 Avatar
173 months ago
If an app uploads my complete address book to their servers, which is absolutely no ****ing business of theirs, then Apple should refund the money to all purchasers, remove the app permanently, and ban the developer. There is just no excuse in the world for that.


iOS should display a request when an App requires access to user data (address book, photos, etc), anything that is external to the App itself.

Isn't that what the new App Sandboxing is about in Lion?
No. Sandboxing isn't about asking permission, it is about being able to do something or not. An app can request the ability to access your address book or not. If it requests it, it can. If it doesn't, it can't. They idea is that when deciding to accept the app or not, Apple will check whether the app has requested the ability, and if the app has any good reason to do so.

Another thing is that Apple can eventually provide sandboxed code to do things. For example, some code that lets the user choose a name from the address book and send an email to that person. That code would live in its little sandbox with access to address book and email. However, the rest of the application wouldn't be able to access the address book. So a game could allow you to send a picture to a friend that way, without itself being able to read your address book.
Score: 13 Votes (Like | Disagree)
Yvan256 Avatar
173 months ago
iOS should display a request when an App requires access to user data (address book, photos, etc), anything that is external to the App itself.

Isn't that what the new App Sandboxing is about in Lion?
Score: 9 Votes (Like | Disagree)
ppilone Avatar
173 months ago
For the love of all things important my people's government- go work on some real fricken issues; and stay the hell out of what you have no clue about.

Oh wait...

So Congress can't do their job 9 times out of 10, and the 1 time they pressure a company to answer legitimate questions regarding consumer privacy you're equally as mad?
Score: 8 Votes (Like | Disagree)
samcraig Avatar
173 months ago
Google has a complete record of people's emails, voicemails, websurfing habits (remember, with the new "privacy policy" they are indexing your entire web existence if you use their 8.8.8.8 DNS), Google+ friends and interactions, the list is almost endless.


Slight difference I believe. If I'm using someone's services for my email and contact information - I can pretty much assume - since they are HOSTING that info - they have access to it.

However - this is completely differerent. A private device with personal data which is then being unknowingly uploaded to 3rd parties without consent.

If you don't see the difference, well....
Score: 7 Votes (Like | Disagree)
3460169 Avatar
173 months ago
Apple needs to be much more careful about privacy if they insist on making their iOS devices so simplistic that average Joe End User potentially has no idea what a given app is doing behind the scenes as in the Path example. We can't count on XYZ Developer being honest (and asking for permission to, e.g., scan my address book) or competent but the maintainers and enforcers of the Walled Garden certainly ought to be. We're handing off a lot of trust value to Apple to get this right.
Score: 6 Votes (Like | Disagree)