After the whole mess with social networking app, Path, uploading Contact data from iPhone users without asking, the U.S. Congress has started to get involved. Energy and Commerce Committee member Henry Waxman and Commerce, Manufacturing, and Trade Subcommittee member G. K. Butterfield issued an open letter to Apple CEO Tim Cook asking some probing questions regarding the iOS developer agreement. Most of them center around the agreement's reference to transmitting "data about a user". Some of the juicier questions include:
- "Do you consider the contents of the address book to be 'data about a user'?"
- "Do you consider the contents of the address book to be data of the contact? If not, please explain why not. Please explain how you protect the privacy and security interests of that contact in his or her information."
- "How many iOS apps in the U.S. iTunes Store transmit information from the address book? How many of those ask for the user's consent before transmitting their contacts' information?"
In response, Apple's Tom Neumayr said in a statement that they intend on requiring explicit permission to access address book data in a future release, much like how location data is handled now.
"Apps that collect or transmit a user's contact data without their prior permission are in violation of our guidelines. We're working to make this even better for our customers, and as we have done with location services, any app wishing to access contact data will require explicit user approval in a future software release."
There's no mention of whether or not that will be in iOS 5.1, which Apple has been testing for some time, and may release alongside the iPad 3 in March.
The letter from Congress sought a formal reply by the end of the month, though I doubt we'll get to read that response. Apple has had some hiccups with location privacy in the past, but their corporate line has consistently been to treat private data with the utmost respect. While it's tricky holding Apple accountable for the snakey stuff that developers do in the App Store, it is their job to curate and approve submissions, and if a bad app slip through the cracks and reaches the public, it's the iPhone's reputation on the line.
At first glance, Android seems to have a better privacy system in place, as it ensures that you provide explicit permission for an app to access different types of data, but I definitely worry that the folks at Google don't look as closely at submissions as Apple does.
iMore put up a concept piece on how we'd like to see contacts, and permissions in general, handled in iOS 6. Would a popup make you feel more secure about your iPhone's personal data? Will it legitimately change a user's behaviour, or will they approve it as absent-mindedly as they do location permission now?