Skip to main content

The Globe and Mail

Apple responds to furor over info-stealing apps

Incident with social networking app Path downloading Contact info from phones “raises questions about whether Apple’s iOS app developer policies and practices may fall short when it comes to protecting the information of iPhone users and their contacts,” letter from Gongress said.

Under pressure from U.S. legislators, Apple Inc. moved Wednesday to quell a swelling privacy controversy by saying that it will begin to require iPhone and iPad apps to seek "explicit approval" in separate user prompts before accessing users' address book data.

Apple's move came shortly after two members of the U.S. House Energy and Commerce committee requested the company to provide more information about its privacy policies. Bloggers, in recent days, have published findings that some of the most popular software applications in Apple's App Store have been able to lift private address book data without user consent.

"Apps that collect or transmit a user's contact data without their prior permission are in violation of our guidelines," an Apple spokesman told Reuters. "We're working to make this even better for our customers, and as we have done with location services, any app wishing to access contact data will require explicit user approval in a future software release."

Story continues below advertisement

In a letter addressed to Apple Chief Executive Tim Cook, Representatives Henry Waxman of California and G.K. Butterfield of North Carolina, both Democrats on the House Energy and Commerce Committee, asked Apple to clarify its developer guidelines and the measures taken by the company to screen apps that are sold on its App Store.

The letter comes after Path, a San Francisco startup that makes a Facebook-like social networking app, attracted widespread criticism last week after a Singaporean developer discovered that Path's iPhone app had been quietly uploading his contacts' names and phone numbers onto Path's servers.

In the following days, other technology bloggers discovered that iPhone apps like Facebook, Twitter, Foursquare and Foodspotting similarly uploads user data – without permission, in some cases.

The Path incident "raises questions about whether Apple's iOS app developer policies and practices may fall short when it comes to protecting the information of iPhone users and their contacts," the letter said.

The legislators' request for information casts the spotlight squarely onto Apple for the first time since an independent blogger, Dustin Curtis, wrote in a widely distributed post last week that "there's a quiet understanding among many iOS app developers that it is acceptable to send a user's entire address book, without their permission to remote servers and then store it for future reference."

Mr. Curtis blamed Apple, writing that he could not "think of a rational reason for why Apple has not placed any protections on Address Book in iOS."

In their letter to Apple, Waxman and Butterfield, referenced Mr. Curtis' blog post, adding: "There could be some truth to these claims."

Story continues below advertisement

The legislators requested Apple to submit its response by Feb. 29.

Apple could not be immediately reached for comment.

Report an error
As of December 20, 2017, we have temporarily removed commenting from our articles. We hope to have this resolved by the end of January 2018. Thank you for your patience. If you are looking to give feedback on our new site, please send it along to If you want to write a letter to the editor, please forward to