SAN FRANCISCO (Reuters) - Under pressure from U.S. legislators, Apple Inc moved Wednesday to quell a swelling privacy controversy by saying that it will begin to require iPhone and iPad apps to seek “explicit approval” in separate user prompts before accessing users’ address book data.
Apple’s move came shortly after two members of the U.S. House Energy and Commerce committee requested the company to provide more information about its privacy policies. Bloggers, in recent days, have published findings that some of the most popular software applications in Apple’s App Store have been able to lift private address book data without user consent.
“Apps that collect or transmit a user’s contact data without their prior permission are in violation of our guidelines,” an Apple spokesman told Reuters. “We’re working to make this even better for our customers, and as we have done with location services, any app wishing to access contact data will require explicit user approval in a future software release.”
In a letter addressed to Apple Chief Executive Tim Cook, Representatives Henry Waxman of California and G.K. Butterfield of North Carolina, both Democrats on the House Energy and Commerce Committee, asked Apple earlier on Wednesday to clarify its developer guidelines and the measures taken by the company to screen apps sold on its App Store.
The letter came after Path, a San Francisco startup that makes a Facebook-like social networking app, attracted widespread criticism last week after a Singaporean developer discovered that Path’s iPhone app had been quietly uploading his contacts’ names and phone numbers onto Path’s servers.
In the following days, other technology bloggers discovered that iPhone apps like Facebook, Twitter, Foursquare and Foodspotting similarly uploaded user data — without permission, in some cases.
The Path incident “raises questions about whether Apple’s iOS app developer policies and practices may fall short when it comes to protecting the information of iPhone users and their contacts,” the letter said.
The legislators’ request for information cast the spotlight squarely onto Apple for the first time since an independent blogger, Dustin Curtis, wrote in a widely distributed post last week that “there’s a quiet understanding among many iOS app developers that it is acceptable to send a user’s entire address book, without their permission to remote servers and then store it for future reference.”
Curtis blamed Apple, writing that he could not “think of a rational reason for why Apple has not placed any protections on Address Book in iOS.”
In their letter to Apple, Waxman and Butterfield, referenced Curtis’ blog post, adding: “There could be some truth to these claims.”
The legislators had asked Apple to submit its response by February 29.
Reporting By Gerry Shih; Editing by Richard Chang and Gerald E. McCormick