Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Congress Weighs in on iOS Apps Collecting Address Book and Other Personal Data

MacRumors

MacRumors

macrumors bot
Original poster
Apr 12, 2001
63,554
30,882



path_address_book.jpg


Last week, controversy erupted when it was discovered that the popular iOS app Path was uploading users' entire address books to the company's servers without alerting users or asking for authorization. While Path quickly deleted all address book data on its servers and updated its app to make the data collection an opt-in service, the issue has cast a fresh light on user privacy issues on iOS.

As noted by The Next Web, U.S. Congressmen Henry Waxman and G.K. Butterfield have now weighed on in the issue, sending a letter to Apple requesting information on the company's data collection policies it imposes on App Store developers.
In a letter to Apple CEO Tim Cook, the legislators state:

"This incident raises questions about whether Apple's iOS app developer policies and practices may fall short when it comes to protecting the information of iPhone users and their contacts."

Butterfield and Waxman then quote parts of Apple's iOS developer website which states that Apple provides a comprehensive collection of tools and frameworks for storing, accessing and sharing data. It is then questioned whether Apple requires apps to request user permission before transmitting data about a user.
Click to expand...
Butterfield and Waxman have requested that Apple provide answers to a series of questions by February 29, with the topics including Apple's definition of user data, how the App Store review process assesses compliance with guidelines on privacy, and data on how many apps transmit "data about a user" in general and address book data in particular. The Congressmen have also asked Apple to explain why it has not instituted a simple toggle setting for address book sharing as it has for location information.

It is not terribly unusual for Congress to request information from companies when issues related to consumer protection and privacy arise, and Apple was subject to a similar process when questions about location information arose last year. In that case, Senator Al Franken contacted Apple with questions about the company's policies, with executives from Apple and Google later testifying in a Senate hearing on the matter.

Article Link: Congress Weighs in on iOS Apps Collecting Address Book and Other Personal Data
 
Article Link
https://www.macrumors.com/2012/02/15/congress-weighs-in-on-ios-apps-collecting-address-book-and-other-personal-data/
C

CFreymarc

Suspended
Sep 4, 2009
3,969
1,149
This is not the first app that did this. Many freeware apps and games were Trojans collecting a lot of PIM data. One sign of this is if you are a "light" app user and you find your data usage skyrocket. Many believe this is how a lot of celebrity phones were hacked with some very personal photos getting out.

One thing that is really needed on the iOS level is a tool that lets you monitor and throttle the bandwidth usage of each app on your smartphone. There are tools for this on the PC end and on Android but I cannot find one for the iPhone.
 
dagamer34

dagamer34

macrumors 65816
May 1, 2007
1,359
101
Houston, TX
I would rather have companies be given a chance to sort this out themselves than have government quickly jump on the bandwagon writing new laws. Unless they are carefully crafted (which they usually aren't), it causes more problems than it solves.
 
Trius

Trius

macrumors 6502a
Aug 7, 2008
843
105
riiiiiiight.. because a bunch of old oblivious dumbass congressmen know anything about digital privacy...
 
ChazUK

ChazUK

macrumors 603
Feb 3, 2008
5,393
25
Essex (UK)
This whole fisaco is why I like to see a list of permissions before installing an app, ala WP7/Android.
Flashlight app wants full internet access, location and contacts? No install for you!

Example:
permissionswp7.jpg
 
Last edited:
Yvan256

Yvan256

macrumors 603
Jul 5, 2004
5,081
998
Canada
iOS should display a request when an App requires access to user data (address book, photos, etc), anything that is external to the App itself.

Isn't that what the new App Sandboxing is about in Lion?
 
gnasher729

gnasher729

Suspended
Nov 25, 2005
17,980
5,565
If an app uploads my complete address book to their servers, which is absolutely no ****ing business of theirs, then Apple should refund the money to all purchasers, remove the app permanently, and ban the developer. There is just no excuse in the world for that.


Yvan256 said:
iOS should display a request when an App requires access to user data (address book, photos, etc), anything that is external to the App itself.

Isn't that what the new App Sandboxing is about in Lion?
Click to expand...

No. Sandboxing isn't about asking permission, it is about being able to do something or not. An app can request the ability to access your address book or not. If it requests it, it can. If it doesn't, it can't. They idea is that when deciding to accept the app or not, Apple will check whether the app has requested the ability, and if the app has any good reason to do so.

Another thing is that Apple can eventually provide sandboxed code to do things. For example, some code that lets the user choose a name from the address book and send an email to that person. That code would live in its little sandbox with access to address book and email. However, the rest of the application wouldn't be able to access the address book. So a game could allow you to send a picture to a friend that way, without itself being able to read your address book.
 
Last edited:
P

ppilone

macrumors 6502
Jan 20, 2008
361
0
tigres said:
For the love of all things important my people's government- go work on some real fricken issues; and stay the hell out of what you have no clue about.

Oh wait...
Click to expand...

So Congress can't do their job 9 times out of 10, and the 1 time they pressure a company to answer legitimate questions regarding consumer privacy you're equally as mad?
 
Xtremehkr

Xtremehkr

macrumors 68000
Jul 4, 2004
1,897
0
I don't know why an app not specifically designed to deal with my contacts would need to upload my list of contacts to anyone. It's none of their business and I don't want to unknowingly be involved in any data mining that they are doing.
 
M

Mak47

macrumors 6502a
Mar 27, 2011
751
32
Harrisburg, PA
"Why hasn't Apple instituted a simple toggle setting for sharing address book information?" Our fearless leaders ask...

While that may not be an outright terrible idea, it shouldn't be necessary.

Besides that, what's next? How many "simple" toggle switches will our unfailing government require to be installed on our mobile devices? What happens when a bug causes one to fail?

...Wait, clearly we can just install more toggle switches! Users can use a simple toggle switch to allow or disallow information sharing, then another simple toggle switch to allow or disallow information sharing when the first switch fails! See how simple it is?

Oh thank the lord for our glorious overseers. I don't know why Apple doesn't just fire their entire software development team and replace them with congressmen.

Seriously. Is there a problem here? Sure. Is there a government solution to said problem? No. Let the companies in question resolve the issue (which they have). If they still fail to do so, the market will resolve the issue as consumers will not buy products they feel compromise their privacy or security.
 
allpar

allpar

macrumors 6502
May 20, 2002
365
122
"I would rather have companies be given a chance to sort this out themselves than have government quickly jump on the bandwagon writing new laws. Unless they are carefully crafted (which they usually aren't), it causes more problems than it solves."

Yeah, like they've done a great job so far, right?

The THREAT of a law should force Apple to do what they should have done in the first place, but will not do without the threat of a law.

As for Congress, yes, it gets a lot wrong, but you can thank it for rivers that don't catch fire.
 
T-Will

T-Will

macrumors 65816
Sep 8, 2008
1,042
433
I really hope Apple does more to show what kind of data/services apps use, and give users the ability to permit/deny access.

But does the government really need to get involved in this?

I believe the free market will resolve the issue by itself (i.e. Path's negative press, negative press on Apple for not catching this, etc.).
 
nepalisherpa

nepalisherpa

macrumors 68020
Aug 15, 2011
2,258
1,330
USA
Why are people attacking Congressmen for being focused on issues like this? This is a serious issue and something needs to be done by Apple. Political involvment will help escalate the issue. You don't need to have a knowledge of digital security to weigh in on this issue. It's an issue of privacy.
 
allpar

allpar

macrumors 6502
May 20, 2002
365
122
I think what Congress intends to do is make the "free market" fix its problems with the attention and threat of legislation.

Just leaving the "free market" to fix things was tried and is still tried. Certain things are not fixable by the free market. Adam Smith said as much in The Wealth of Nations. I realize it's politically incorrect to suggest laissez faire capitalism was not handed to us by God, but ... rivers aren't supposed to burn.
 
Amazing Iceman

Amazing Iceman

macrumors 603
Nov 8, 2008
5,314
4,066
Florida, U.S.A.
Considering that the trade of information is really the true business behind the internet, what politicians are trying to do here is get the public's attention to gain fame and publicity, giving the image of caring for the people.
 
tigres

tigres

macrumors 601
Aug 31, 2007
4,213
1,326
Land of the Free-Waiting for Term Limits
ppilone said:
So Congress can't do their job 9 times out of 10, and the 1 time they pressure a company to answer legitimate questions regarding consumer privacy you're equally as mad?
Click to expand...

Because they have sent how many of these letters in the past 12 months? Why can't they concern themselves with true privacy issues like the FCRA and the credit agencies that sell our private information legally when someone pulls your credit. Ever wonder why you get calls from unknown's after you apply for financing? Google "Trigger Leads".... Why can't they focus on this REAL issue that has been around for 7 years now. This is a real privacy issue... selling your personal information legally @ pennies.

The company that F'd this up apologized, removed the data, and tried to make amends. I do not condone this as to be OK, but I am sick of all these media driven congressmen with a hard on lately when there are far worse privacy issues out there that need addressing.
 
F

firewood

macrumors G3
Jul 29, 2003
8,108
1,345
Silicon Valley
Old news?

Didn't Apple remove a couple games from the App store for doing this (uploading contacts)? Almost 2 years ago? Why and when did Apple stop removing such apps?

Or does tiny 0.0002 pt text in the 432,238,329th paragraph of the app's terms or license now allow this.
 
T

Thunderhawks

Suspended
Feb 17, 2009
4,057
2,118
Just not cool, regardless of any damage.

Hope Apple does have that in its developer agreements and if yes
enforce it.
 
3

3460169

Cancelled
Feb 18, 2009
1,293
212
Apple needs to be much more careful about privacy if they insist on making their iOS devices so simplistic that average Joe End User potentially has no idea what a given app is doing behind the scenes as in the Path example. We can't count on XYZ Developer being honest (and asking for permission to, e.g., scan my address book) or competent but the maintainers and enforcers of the Walled Garden certainly ought to be. We're handing off a lot of trust value to Apple to get this right.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom