Apple to stop apps from stealing smartphone contacts
Twitter, Path to update apps
Apple says it is making policy changes to stop iPhone apps from copying contacts in users' address books without permission.
"Any app wishing to access contact data will require explicit user approval in a future software release," Apple said in a statement Thursday after politicians and bloggers questioned and criticized the company over the revelation that many of its apps may be pulling names and addresses out of user' iPhones.
Apple also clarified that apps that "collect or transmit a user's contact data without their prior permission are in violation of our guidelines."
A day earlier, two U.S. congressmen had written to the Cupertino, Calif.-based company asking questions about how it determines whether its guidelines about the collection and transmission of data have been met.
California Democrat Henry Waxman and North Carolina Democrat G.K. Butterfield cited a blog post last week from iOS developer Arun Thampi in which he described his discovery that the social networking app Path had been pulling names, phone numbers and email addresses from his phone's contacts file.
"This incident raises questions about whether Apple’s iOS app developer policies and practices may fall short when it comes to protecting the information of iPhone users and their contacts," said the letter to Apple CEO Tim Cook.
Since Thampi's blog post, other technology bloggers have reported that a number of other social networking apps, including Twitter, have similar functions.
Twitter spokeswoman Carolyn Penner told the Los Angeles Times on Tuesday that when users activate the "find friends" feature on its smartphone apps, email addresses and phone numbers from a user's contact file are uploaded to its server and remain there for 18 months. The company said it will use the term "upload your contacts" or "import your contacts" instead of "scan your contacts" in the next version of its iPhone and Android apps to make this clearer.
Path CEO Dave Morin wrote on the company's blog last week that the firm has deleted all "user uploaded contact information" from its servers. It added that a newly released version of its software will ask users to explicitly opt in or out of sharing their phone contacts.