Facebook, Pinterest among 33 iOS developers targeted in app privacy probe

Tools

U.S. lawmakers have sent letters to Apple (NASDAQ:AAPL) and 33 iOS application developer partners seeking information about the way they collect and use consumer data.

Representatives Henry A. Waxman (D-Calif.) and G. K. Butterfield (D-N.C.) have mailed letters to social app makers including Path, Facebook, Twitter, Pinterest, foursquare and LinkedIn in an effort to determine how iOS apps gather user data, what they do with it and what notices they provide to consumers. The letters follow the recent discovery that some iOS apps can upload entire address books to their servers, complete with names, telephone numbers and email addresses.

Last month, Apple said it would upgrade its software so that developers can only access users' contact data after receiving explicit permission to do so. Apple made the announcement after the Path application came under fire for collecting and storing user contacts. The letters ask developers if their apps have ever transmitted the contents of a user's address book and whether they had privacy policies in place ahead of Apple's recent changes. Developers have until April 12, 2012, to respond.

According to a U.S. House Committee on Energy & Commerce statement, lawmakers want the information to begin building a "fact-based understanding of the privacy and security practices in the app marketplace." The House adds the apps targeted in the probe were selected based on their inclusion in the Social Networking subcategory within the iPhone Essentials section of Apple's App Store.  

Earlier this month, Sen. Charles Schumer (D-N.Y.) urged the Federal Trade Commission to investigate recent reports that mobile applications running iOS and Google's (NASDAQ:GOOG) Android can access user address books, photos and other personal data without subscriber consent. Schumer expressed concern over a recent New York Times report indicating that an iOS security loophole makes images stored on iPhone, iPad and iPod touch devices vulnerable to downloaded applications that can copy the user's entire photo library without any further notification or warning.

A follow-up NYT report adds that Android applications can access the same user information and copy photos to a secure remote server without securing subscriber permission, provided the app has the right to go the Internet. It is still not clear whether any iOS or Android apps have actually exploited these security vulnerabilities.

"When someone takes a private photo, on a private cell phone, it should remain just that: private," Schumer wrote to the FTC.

Apple and Google are among six leading technology firms that agreed last month to expanded privacy protections for consumers who download mobile applications to their smartphones and tablets. California Attorney General Kamala D. Harris announced that Apple, Google, Amazon.com, Research In Motion (NASDAQ:RIMM), Microsoft (NASDAQ:MSFT) and Hewlett-Packard consented to improved privacy principles that bring the mobile ecosystem in line with the California Online Privacy Protection Act, which requires operators of commercial web sites and online services--including mobile apps--that collect personally identifiable consumer data to post a privacy policy.

For more:
- read this CNet article
- read this U.S. House Committee on Energy & Commerce statement

Related articles:
Facebook, Apple targeted in mobile app privacy class action suit
Lawmaker urges FTC to probe iOS, Android privacy breaches
Report: Apple loophole gives iOS developers access to user photos
Apple, Google consent to mobile app privacy accord
FTC to Apple, Google: Apps for kids must disclose data privacy practices