The latest "-gate" suffixed controversy, the so-called "Address Bookgate," has surrounded the popular social networking app Path. After Path was found to collect data on users' contacts without prompting users for permission, CEO Dave Morin apologized and the app was updated to change the behavior.
That revelation, and the backlash that followed, has sent ripples throughout the iOS developer community. Path's update sets its app to explicitly request user permission to store contacts; Instagram and several other iOS apps followed suit.
In what's becoming a predictable trend any time the words "Apple" and "privacy" are mentioned together, two US Congress members have sent a letter to Apple asking the company to explain the situation (hat tip to The Next Web). "This incident raises questions about whether Apple's iOS app developer policies and practices may fall short when it comes to protecting the information of iPhone users and their contacts," Congressmen Henry A. Waxman and G.K. Butterfield write. Following that, the representatives voice the very questions that have been raised:
- Please describe all iOS App Guidelines that concern criteria related to the privacy and security of data that will be accessed or transmitted by an app.
Please describe how you determine whether an app meets those criteria.
- What data do you consider to be "data about a user" that is subject to the requirement that the app obtain the user's consent before it is transmitted?
To the extent not addressed in the response to question 2, please describe how you determine whether an app will transmit "data about a user" and whether the consent requirement has been met.
- How many iOS apps in the U.S. iTunes Store transmit "data about a user"?
Do you consider the contents of the address book to be "data about a user"?
- Do you consider the contents of the address book to be data of the contact? If not, please explain why not. Please explain how you protect the privacy and security interests of that contact in his or her information.
How many iOS apps in the U.S. iTunes Store transmit information from the address book? How many of those ask for the user's consent before transmitting their contacts' information?
- You have built into your devices the ability to turn off in one place the transmission of location information entirely or on an app-by-app basis. Please explain why you have not done the same for address book information.
AllThingsD reports that Apple has issued a brief response: "Apps that collect or transmit a user's contact data without their prior permission are in violation of our guidelines. We're working to make this even better for our customers, and as we have done with location services, any app wishing to access contact data will require explicit user approval in a future software release."
This response may address user concerns over the potential privacy issue, but Congress may not be satisfied so easily. Waxman and Butterfield (both of whom chair committees on commerce) have given Apple until the end of February to respond to the inquiry.
From our perspective as iOS users, this means we can likely look forward to more pop-up dialogs every time we open certain kinds of iOS apps for the first time. We're already prompted to give user permission for location services and push notifications, and now it seems we'll be prompted for access to Address Book contacts as well.
Hopefully iOS developers can write these dialogs in a way that encourages users to pay attention to them rather than blindly tapping "Allow" several times just to rush past the preliminaries and actually use the apps they've downloaded.