Congress demands answers from Apple on address book privacy

The questionable practices of little-known iPhone application Path led to the unearthing of evidence that many other iPhone apps also take consumers’ address book data. The ensuing public outcry prompted U.S. government officials today to question the one company that might actually be to blame: Apple.

“This incident raises questions about whether Apple’s iOS app developer policies and practices may fall short when it comes to protecting the information of iPhone users and their contacts,” congress members G.K. Butterfield and Henry Waxman wrote Wednesday in a letter addressed to Apple CEO Tim Cook. The letter marks the beginning of an investigation into whether Apple adequately protects application users’ privacy and data.

The “incident” is the recent discovery by iOS application developer Arun Thampi that mobile-journaling app Path was, without permission, uploading and storing the contents of users’ iPhone address books on its servers. Path has since apologized and deleted this data, but its actions spawned a heated discussion on how iOS application makers access the official iOS address book, and placed the spotlight on Apple for granting app makers too much access and not protecting its mobile users.

Congressmen Butterfield and Waxman, ranking members of a congressional subcommittee dedicated to consumer protection, specifically questioned Apple on how it could approve the Path application, “despite [it] taking the contents of users’ address books without their permission.”

The duo put nine tough questions in front of Cook and is giving the CEO and his company just 14 days to respond.

“You have built into your devices the ability to turn off in one place the transmission of location information entirely or on an app-by-app basis. Please explain why you have not done the same for address book information,” one of the directive reads.

This echoes the sentiments of many iOS developers, including Instapaper creator Marco Arment, who recently argued that Apple should change its API to require permission for access to the user’s address book.

Arment will soon get his way. Apple, for its part, has said nothing on the matter until today, despite the cacophonous volume of the discussion. The company, currently sitting comfortably atop a $90 billion pile of cash, was compelled to publicly acknowledge the situation Wednesday and will be making changes in response to the backlash.

“Apps that collect or transmit a user’s contact data without their prior permission are in violation of our guidelines,” Apple spokesman Tom Neumayr told AllThingsD. “We’re working to make this even better for our customers, and as we have done with location services, any app wishing to access contact data will require explicit user approval in a future software release.”

Whether the permissions change will satisfy the congressmen remains to be seen.

“We look froward to hearing from Apple and will withhold judgment until we hear directly from them,” a committee spokesperson told VentureBeat. As of noon Pacific Wednesday, the committee had not received a response from Apple.

The letter comes just one day after VentureBeat uncovered evidence showing many iPhone applications upload real names, email addresses, and phone numbers from users’ iOS address books to their servers without first asking permission.

Photo credit: Trevino/Flickr