Watch CBS News

Apple speaks out on app data-collecting controversy

Path

(CNET) - Apple says that iOS applications that collect user contact data are in violation of the company's guidelines, and that a future software fix will prohibit this behavior.

Full coverage of Apple at Tech Talk
CNET: Lessons unlearned: From Intel to Path
CNET: Path and the disclosure dilemma

"Apps that collect or transmit a user's contact data without their prior permission are in violation of our guidelines," Apple spokesman Tom Neumayr said. "We're working to make this even better for our customers, and as we have done with location services, any app wishing to access contact data will require explicit user approval in a future software release."

Controversy erupted earlier this month, when Path - a popular iOS and Android application - was found to be collecting user contact information without permission. Path issued an apology on the issue, saying that it was using that data to alert users to when their friends joined the social network. The company then introduced an updated version that required users to opt-in to the feature.

Yesterday a handful of reports came out profiling other apps that shared this behavior, including Foursquare and Twitter.

The issue was big enough to catch the eye of U.S. lawmakers too. A U.S. House subcommittee sent a letter to Apple this week, asking why it doesn't force app developers to ask users for permission before downloading contacts.

ZDNet: Twitter uploads contact list data without consent; retains for 18 months
CNET: Pinterest making money by adding tracking code to certain user pins

"This incident raises questions about whether Apple's iOS app developer policies and practices may fall short when it comes to protecting the information of iPhone users and their contacts," committee member Rep. Henry A. Waxman (D-Calif.) wrote in a letter sent to Apple CEO Tim Cook that was made public today.

Apple did not offer a specific date on when that software update would arrive. The company is currently beta-testing iOS 5.1 with developers, which is expected to make its way to consumers soon.

A history of software fixes
This is the latest privacy issue to arise from Apple's mobile operating system that has led to a patch. Last year it was the logging of user location data, which was found to be stored unencrypted. Researchers took the data, which covered up to a year's worth of location entries, and suggested that it could be used to track where users were going, including where they lived.

Apple stayed mum on the subject for a week, later addressing it as a "bug" and saying that the file was used to speed up how fast it could identify people's whereabouts inside applications, as well as fuel a crowd-sourced location database. A software update a few weeks later cut the database down to seven days, as well as keeping the file from being stored on local machines, however that didn't stop the incident from being referred to as "locationgate."

Prior to that, Apple was targeted for providing developers with unique identification numbers for users. These identifiers, known as UDIDs, were tied to the device and could not be changed, akin to something like a vehicle identification number on a car.

An in-depth report from The Wall Street Journal found that developers were sharing UDIDs with third-party ad networks, allowing them to track user activity between applications in a way that Apple itself did not offer. Apple later addressed this by phasing out UDIDs as part of iOS 5, though that wasn't enough to stop some individuals from suing Apple and a handful of developers for the practice in separate lawsuits.

This article first appeared at CNET under the headline "Apple: Apps using address data are in violation, fix to come."  CNET News senior staff writer Elinor Mills contributed to this report.

View CBS News In
CBS News App Open
Chrome Safari Continue
Be the first to know
Get browser notifications for breaking news, live events, and exclusive reporting.