Lawmakers want Apple to brief them on iOS app privacy

The company's response to earlier questions about access to address-book data was inadequate, they said

Two U.S. lawmakers on Wednesday asked Apple representatives to brief members of the House Energy and Commerce Committee on the company's mobile privacy policies, saying a letter from Apple did not answer all of their questions.

The request is the latest development in a controversy over whether iOS apps need to ask for an iPhone owner's consent before gathering contact information from the phone. The issue arose after reports that the social-networking app Path was accessing and collecting iPhone users' address book data without seeking their consent.

Rep. Henry Waxman, ranking member of the committee, and Rep. G.K. Butterfield, ranking member of the Subcommittee on Commerce, Manufacturing and Trade, wrote to Apple CEO Tim Cook on Feb. 15, citing the Path issue and asking nine questions about Apple's iOS app developer policies regarding privacy.

Apple responded on March 2 with a letter that outlined its iOS app review guidelines, noting that the rules said apps could not transmit data about a user without obtaining prior permission and informing them how and where the data would be used. It said "the vast majority" of the 550,000 apps from third parties don't collect or transmit any user data. The company has also announced that a future software release will include a mechanism for explicit user consent to access address-book data, similar to the current consent process for location data.

On Wednesday, Waxman and Butterfield wrote back to Cook and said the March 2 letter didn't answer all of their questions. They also raised new questions about reports that apps can access photos on Apple mobile devices.

"To help us understand these issues, we request that you make available representatives to brief our staff on the Energy and Commerce Committee," Waxman and Butterfield wrote. Waxman, of California, and Butterfield, of North Carolina, are both Democrats.

Pressure on mobile privacy is also coming from other quarters in the government. On March 5, U.S. Sen. Charles Schumer, a Democrat from New York, asked the U.S. Federal Trade Commission to investigate Apple and Google's allowing apps to access the photos on users' phones.

Apple did not immediately respond to a request for comment on Wednesday's letter.

Stephen Lawson covers mobile, storage and networking technologies for The IDG News Service. Follow Stephen on Twitter at @sdlawsonmedia. Stephen's e-mail address is

Join the CSO newsletter!

Error: Please check your email address.

More about AppleFederal Trade CommissionFTCGoogleIDGLawson

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Stephen Lawson

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts