Congress is questioning Apple about how it stores user data, as mounting privacy concerns urge regulators to push for greater disclosure on how companies use personal information.
House Energy & Commerce Committee Chairman Henry Waxman and Commerce Manufacturing and Trade Subcommittee Chair G.K. Butterfield sent Apple a letter after discovering an iOS application called Path collected data from users’ address books and stored it on remote servers without first seeking permission.
Apple’s App Store vets apps for malicious code and quality control before offering them to consumers in the iOS market, and is subsequently viewed as a more secure platform than Google’s Android market, which faced a number of malware attacks over the past year.
But Apple’s closed-door screening process is also what prevented disclosure regarding the storage of consumer data, preventing researchers from discovering other vulnerabilities. Last week, a blogger discovered Path mined his address book and kept names and phone numbers in what seems a permanent database.
Path is a mobile social network promising a more intimate experience than giant sites like Facebook and Twitter. Path’s CEO, Dave Morin, immediately issued an apology, cleared existing user data obtained through the iOS app, and installed a permission request in a new updated version of the app. Popular photo app Instagram quietly followed suit, but consumers are still left wondering if any app market is truly secure.
Pushing for increased transparency in Apple’s privacy practices, Waxman and Butterfield want the company to tell them how many iOS apps transmit user data, how many mine information from the address book, and how many of those apps ask for the user’s consent before transmitting information, among other inquiries. Apple has until February 29 to respond.
“Apps that collect or transmit a user’s contact data without their prior permission are in violation of our guidelines,” said the company.
Constantly-accessible mobile technology breeds new privacy concerns as more personal information gets transferred online, and the U.S. government is putting pressure on companies like Apple to disclose exactly what they do with that information.