Apple to require apps to ask users’ permission before accessing address books

Apple has responded to criticism in the wake of another app store controversy by pledging to require that all apps on its iOS mobile platform ask for explicit user permission before accessing contacts lists stored on its iPhones and iPads.

The move came in response to a controversy that kicked off with the social networking app Path. Path was discovered to be transmitting users’ address book data to the app’s creators, and that information was saved as plain text on remote servers. Path has since updated its app to ask for user permission before accessing the data (which was used as part of the app’s “Find My Friends” feature). In the wake of the fallout, numerous revelations emerged that lots of other apps, including Twitter, Instagram and others, access and store contact data in much the same way. (Path, Twitter and Instagram have already pledged to update their apps to ask to make use of address book data, and Path CEO and co-founder Dave Morin also promised to delete all address book contact information stored by the company.)

The incident with Path and other apps has kicked off renewed outrage about the respect of mobile users’ privacy and the way personal data is gathered and handled by Apple and its partners. An Apple spokesman told AllThingsD this week it would change its policies to require apps to notify users that their contact data might transmitted if they use certain functions within apps, as well as to ask those users’ explicit permission to do so.

But Apple’s move didn’t just come as a result of the fallout among its apps; it was actually precipitated by inquiries posed by two U.S. congressmen in response to the controversy. As Mashable reports, Reps. G.K. Butterfield and Henry Waxman of the House Subcommittee on Commerce, Manufacturing and Trade sent a letter to Apple CEO Tim Cook, asking Apple to beef up its app approval process and take steps to prevent app developers from accessing users’ contact information without permission.

It seems Apple plans to take those steps, if only because the congressmen asked for a response by no later than Feb. 29.

The address book scandal is only the latest in what seems like a growing series of controversies in which apps make use of or mishandle their users’ information. Last year it came to light that Apple’s iOS software was storing users’ GPS location data whenever the app made contact with a cellular tower. That data was stored in an unencrypted file because of a bug, Apple said, but the glitch was exploitable enough that law enforcement agencies were making use of it in criminal investigations. That controversy attracted the attention of Congress, as well, with Sen. Al Franken spearheading a push to get Apple and other mobile companies to alter their practices.

Even more recently was the Carrier IQ scandal. Carrier IQ, used by cellular carriers and other companies to gather advertising data, was saving all kinds of sensitive information about cell users and transmitting it to a third party. That information could have included keystrokes used in text messages, emails and more. The revelation also created national headlines and blew up to become a major privacy scandal among smartphone makers, platform makers and cell carriers.

The address book controversy, by contrast, seems to be much less of a big deal than either Carrier IQ or the “Locationgate” scandals, but the continued misuse of private data in the public perception is definitely not good for Apple and other companies working in the mobile sphere. With smartphones becoming more ubiquitous and important, users want to know that their data is being protected. Too many scandals like this one and we could see the mobile revolution suffer.

Latest from NewsReports