New in OS X: Get MacRumors Push Notifications on your Mac

Resubscribe Now Close

Congressmen Send Inquiries to 34 App Developers Over Privacy Practices

Representatives Henry A. Waxman (D-CA) and G.K. Butterfield (D-NC) have sent letters to thirty-four app developers with a number of questions about their information collection and use practices. This follows on a letter from the Congressmen sent to Apple requesting information on the company's data collection policies it imposes on App Store developers.

The letters were sent to a wide variety of developers, and were selected by the Representatives on the basis of "their inclusion in the “Social Networking” subcategory within the “iPhone Essentials” area of Apple’s App Store." They include Turntable.FM, Twitter, Tweetbot, Path, Instagram, Facebook, and Apple itself.

Last month, a developer of applications ("apps") for Apple's mobile devices discovered that the social networking app Path was accessing and collecting the contents of his iPhone address book without having asked for his consent. Following the reports about Path, developers and members of the press ran their own small-scale tests of the code for other popular apps for Apple's mobile devices to determine which were accessing address book information. Around this time, three other apps released new versions to include a prompt asking for users' consent before accessing the address book. In addition, concerns were subsequently raised about the manner in which apps can access photographs on Apple's mobile devices.

We are writing to you because we want to better understand the information collection and use policies and practices of apps for Apple's mobile devices with a social element. We request that you respond to the following questions:

(1) Through the end of February 2012, how many times was your iOS app downloaded from Apple's App Store?

(2) Did you have a privacy policy in place for your iOS app at the end of February 2012? If so, please tell us when your iOS app was first made available in Apple's App Store and when you first had a privacy policy in place. In addition, please describe how that policy is made available to your app users and please provide a copy of the most recent policy.

(3) Has your iOS app at any time transmitted information from or about a user's address book? If so, which fields? Also, please describe all measures taken to protect or secure that information during transmission and the periods of time during which those measures were in effect.

(4) Have you at any time stored information from or about a user's address book? If so, which field? Also, please describe all measures taken to protect or secure that information during storage and the periods of time during which those measures were in effect.

(5) At any time, has your iOS app transmitted or have you stored any other information from or about a user's device - including, but not limited to, the user's phone number, email account information, calendar, photo gallery, WiFi connection log, the Unique Device Identifier (UDID), a Media Access Control (MAC) address, or any other identifier unique to a specific device?

(6) To the extent you store any address book information or any of the information in question 5, please describe all purposes for which you store or use that information, the length of time for which you keep it, and your policies regarding sharing of that information.

(7) To the extent you transmit or store any address book information or any of the information in question 5, please describe all notices delivered to uscrs on the mobile device screen about your collection and use practices both prior to and after February 8, 2012.

(8) The iOS Developer Program License Agreement detailing the obligations and responsibilities of app developers reportedly states that a developer and its applications "may not collect user or device data without prior user consent, and then only to provide a service or function that is directly relevant to the use of the Application, or to serve advertising.";

(a) Please describe all data available from Apple mobile devices that you understand to be user data requiring prior consent from the user to be collected.

(b) Please describe all data available from Apple mobile devices that you understand to be device data requiring prior consent from the user to be collected.

(c) Please describe all services or functions for which user or device data is directly relevant to the use of your application.

(9) Please list all industry self-regulatory organizations to which you belong.
The developers are given until April 12, 2012 to respond.



Top Rated Comments

(View all)

94 months ago
Tax dollars well spent...
Rating: 11 Votes
94 months ago
So what happens if they do not respond?
Rating: 8 Votes
94 months ago

So what happens if they do not respond?

It's merely a request for information. They are not obligated to respond.

However, if they are sent a subpoena to appear in front of the committee, they are required to show up and can be held in contempt if they don't. Most folks don't want to piss off Congress so they cooperate if they haven't done anything wrong.

But call your lawyers!

To reply to an earlier commenter, this is already a witch hunt based on these letters.

Fishing expedition more than a witch hunt.
Rating: 8 Votes
94 months ago

So what happens if they do not respond?


I imagine people get sent to labor camps.
Rating: 8 Votes
94 months ago
Dear politicians,

We'd really love to give you all the information you request, but unfortunately our privacy policy requires a court order before we reveal any information pertaining to our users in any way.

Yours,

App developers.
Rating: 6 Votes
94 months ago
This is ********.

Stop wasting our $. Again, go work on my privacy with the illegal and immoral CCRA, Consumer Credit Reporting Act.

Trigger leads FTW. selling your name, address, income, mortgage info, cell phone data- as soon as someone pulls your credit. Legal, and done everyday. Equifax is the biggest culprit in case anyone cares.

But, heh- lets go after some developers who are sharing grandmas recipe with other friends on facebook. This is where the real danger lies, who care about anyones credit, SSN, income, private banking info, or anything else-

This Government has F'd up priorities....
G d it
Rating: 5 Votes
94 months ago
They should be sending these questions to the FBI and CIA to determine how much personal and private information about us is being collected by their kinfolk. I would guess that Apple Apps pale in comparison.
Rating: 5 Votes
94 months ago
Seriously... can we focus on the pressing issues of our country and not a privacy technicality that's already being taken care of?
Rating: 4 Votes
94 months ago
While I agree with those posters above that there are many issues of crucial importance waiting to be addressed by Congress, I would suggest that the loss of personal privacy is an issue of great importance, at least to me.

The argument that privacy is already grossly compromised for anyone using a computer, smartphone, etc. is true, but that does not mitigate the need to pursue any and all means to limit further loss of privacy.

The cost of the letter was minimal. And if not some governmental branch to attempt some oversight, then who? Am I to trust private industry to protect my privacy?
Rating: 3 Votes
94 months ago

So what happens if they do not respond?


If you do not respond, you are invited to work for congress since you have demonstrated the ability and capacity to not do want is expected from you.
Rating: 3 Votes

[ Read All Comments ]