Amid privacy uproar, Apple promises to detail app permissions

Tools

A week after Path for iOS came under fire for collecting and storing users' contacts, Apple (NASDAQ:AAPL) said it will upgrade its software so that developers can only access users' contact data after receiving explicit permission to do so.

"Apps that collect or transmit a user's contact data without their prior permission are in violation of our guidelines," Apple spokesman Tom Neumayr told All Things Digital. "We're working to make this even better for our customers, and as we have done with location services, any app wishing to access contact data will require explicit user approval in a future software release."

The statement is Apple's first acknowledgement of the uproar sparked by Path's acknowledgement--and swift apology for--storing users' contact information. A number of reports have noted that other iOS developer conduct similar efforts. Indeed, the issue even caught the attention of a member of Congress. 

"This incident raises questions about whether Apple's iOS app developer policies and practices may fall short when it comes to protecting the information of iPhone users and their contacts," wrote Rep. Henry A. Waxman (D-Calif.) in an open letter to Apple on Wednesday. "You have built into your devices the ability to turn off in one place the transmission of location information entirely or on an app-by-app basis. Please explain why you have not done the same for address book information."

The issue first sprouted up when developer Arun Thampi noticed various API calls made to Path's servers from its iPhone app. "Upon inspecting closer, I noticed that my entire address book (including full names, emails and phone numbers) was being sent as a plist to Path," Thampi wrote on his blog.

For more:
- see this All Things Digital article
- read this CNet article

Related articles:
Path admits mistake, allows users to opt out of contacts database
Path slammed for uploading users' mobile address books
Lawmaker Markey unveils Mobile Device Privacy Act
How mobile security is fueling subscriber insecurity
MMA finalizes Mobile Application Privacy Policy guidelines

Filed Under