An Apple spokesperson has said the company intends to stop allowing third-parties to gather and store entire address books without their knowledge or permission, but that's hardly something to celebrate, said Consumer Watchdog's John Simpson. "All Apple is saying is that it will start to do what it has been implying all along that it has been doing."
Apple has been caught up in the same privacy storm that has overtaken Foursquare in the past several days, as news surfaced that developers for iOS have been able to access users' address book information without their permission or knowledge.
Apple imposes rigid requirements on developers and has touted its "walled garden" approach to the mobile Web as safe and, more secure than Android's, for example. However, it appears that Apple is taking steps to improve its practices in this area, based on comments spokesperson Tom Neumayr made to reporters.
Apple's guidelines require that app developers must get permission before transmitting data about a user. Users must be provided with information as to how and where the data be will used. In addition, the user guidelines mandate that an application can collect user or device data only to provide a service or function directly relevant to the application or to serve advertising.
It would seem that uploading the contents of an address book would fall within these parameters, but Neumayr's widely circulating statement suggests that Apple is now explicitly including this activity in its privacy policy.
"Any app wishing to access contact data will require explicit user approval in a future software release," he said.
Congress Steps In
Apple's move came on the heels of a letter sent to CEO Tim Cook by Reps. Henry Waxman, D-Calif., and G.K. Butterfield, D-NC, both of whom serve on the House Energy and Commerce Committee. The letter asks Cook to clarify Apple's developer guidelines and to explain what measures are taken to screen apps sold through its App Store.
The congressmen note that even though the developer guidelines seem to provide some protection to users regarding their data, there appears to be "a quiet understanding among many iOS app developers" that results in sending entire address books, without users' permission, to remote servers and then storing them for future reference.
Apple did not respond to our request to comment for this story, and spokespersons from Waxman's and Butterfield's offices were not immediately available to comment.
Mountain or Molehill?
How significant an issue this is depends on who is asked.
While violations may have occurred, it is not likely Apple was aware of them, and it certainly didn't condone them, Rob Walch, host of Today in iOS, told MacNewsWorld, noting that the company is fiercely protective of its reputation for safety.
Also, consider the incident in context of what is happening elsewhere in the industry, he said. "Facebook gets far more information from people, often without their realizing it."
It is also important to note that there have not been any reports of information uploaded by iOS developers being used for nefarious purposes, said Walch.
Apple is now saying "even more strongly to developers that if they do anything untoward they will be kicked out of the App Store," he added.
Privacy advocates, however, are appalled by the indications that iOS developers have been uploading users' contact data without their permission.
"When it comes to apps, people are completely unaware of the extent of the information that is shared," John M. Simpson, Consumer Watchdog's privacy project director, told MacNewsWorld.
It is worse with Apple because it has a reputation for curating the apps in its store, he continued, "but clearly, it was not."
As for Apple's response to the members of Congress, it is hardly something to celebrate, he continued. "All Apple is saying is that it will start to do what it has been implying all along that it has been doing."
