The U.S. Congress Asks 33 Popular Devs To Explain How iOS App Privacy Works

The U.S. Congress Asks 33 Popular Devs To Explain How iOS App Privacy Works

Path's iPhone app was recently updated to ask permission when accessing your contacts. Image courtesy of 37prime.news

The app privacy scandal caused by Path’s iPhone app is still leaving its mark, as members of the U.S. Congress have sent out letters to 33 prominent App Store developers to better understand the issue. “We want to better understand the information collection and use policies and practices of apps for Apple’s mobile devices with a social element.”

Apps like the official Facebook and Twitter clients are among the list. Energy and Commerce Committee Ranking Member Henry A. Waxman and Commerce, Manufacturing, and Trade Subcommittee Ranking Member G. K. Butterfield have requested that the developers behind such apps reveal how Apple imposes its privacy standards and how the standards are implemented.

In case you’ve been living under a rock for the last few weeks, it was discovered that many apps in the App Store uploaded personal user information without consent. In most cases, the activity went against Apple’s guidelines. Many of the offenders have updated their apps with new dialogs that ask permission to share your contacts and other data. Apple has even added the warning to desktop apps in the latest developer preview of OS X Mountain Lion. In an official comment, Apple recently said that it will be implementing more straightforward rules for how an app can access a user’s personal data in a future iOS update.

The same two men behind this new batch of letters asked Apple CEO Tim Cook to explain his company’s app privacy policies in an open letter over a month ago. No reply from the Cupertino boss was given, so Waxman and Butterfield have taken to asking developers this time around. Congress has given everyone till April 12th to respond.

Here’s the full letter:

Last month, a developer of applications (“apps”) for Apple’s mobile devices discovered that the social networking app Path was accessing and collecting the contents of his iPhone address book without having asked for his consent. Following the reports about Path, developers and members of the press ran their own small-scale tests of the code for other popular apps for Apple’s mobile devices to determine which were accessing address book information. Around this time, three other apps released new versions to include a prompt asking for users’ consent before accessing the address book. In addition, concerns were subsequently raised about the manner in which apps can access photographs on Apple’s mobile devices.

We are writing to you because we want to better understand the information collection and use policies and practices of apps for Apple’s mobile devices with a social element. We request that you respond to the following questions:

(1) Through the end of February 2012, how many times was your iOS app downloaded from Apple’s App Store?

(2) Did you have a privacy policy in place for your iOS app at the end of February 2012? If so, please tell us when your iOS app was first made available in Apple’s App Store and when you first had a privacy policy in place. In addition, please describe how that policy is made available to your app users and please provide a copy of the most recent policy.

(3) Has your iOS app at any time transmitted information from or about a user’s address book? If so, which fields? Also, please describe all measures taken to protect or secure that information during transmission and the periods of time during which those measures were in effect.

(4) Have you at any time stored information from or about a user’s address book? If so, which field? Also, please describe all measures taken to protect or secure that information during storage and the periods of time during which those measures were in effect.

(5) At any time, has your iOS app transmitted or have you stored any other information from or about a user’s device – including, but not limited to, the user’s phone number, email account information, calendar, photo gallery, WiFi connection log, the Unique Device Identifier (UDID), a Media Access Control (MAC) address, or any other identifier unique to a specific device?

(6) To the extent you store any address book information or any of the information in question 5, please describe all purposes for which you store or use that information, the length of time for which you keep it, and your policies regarding sharing of that information.

(7) To the extent you transmit or store any address book information or any of the information in question 5, please describe all notices delivered to uscrs on the mobile device screen about your collection and use practices both prior to and after February 8, 2012.

(8) The iOS Developer Program License Agreement detailing the obligations and responsibilities of app developers reportedly states that a developer and its applications “may not collect user or device data without prior user consent, and then only to provide a service or function that is directly relevant to the use of the Application, or to serve advertising.”;

(a) Please describe all data available from Apple mobile devices that you understand to be user data requiring prior consent from the user to be collected.

(b) Please describe all data available from Apple mobile devices that you understand to be device data requiring prior consent from the user to be collected.

(c) Please describe all services or functions for which user or device data is directly relevant to the use of your application.

(9) Please list all industry self-regulatory organizations to which you belong.

  • Patrick M Phillips

    hey Congress, how bout you all go fuck yourselves and your bullshit attempts at looking like you give a rat’s ass about privacy. perhaps when you repeal the Patriot Act, NDAA, FISA, NSA, etc we could take you a bit more seriously, but as for now, you’re the biggest band of fucking robbers, rapists, and murderers this country’s got

About the author

Alex HeathAlex Heath has been a staff writer at Cult of Mac for three years. He is also a co-host of the CultCast. He has been quoted by the likes of the BBC, KRON 4 News, and books like "ICONIC: A Photographic Tribute to Apple Innovation." If you want to pitch a story, share a tip, or just get in touch, additional contact information is available on his personal site. Twitter always works too.

(sorry, you need Javascript to see this e-mail address)| Read more posts by .

Posted in News | Tagged: , , , , , , , , |