Both Apple and Twitter have changed their policies after Congressional complaints about unauthorized data harvesting by apps. In Apple’s case, it’s effectively admitted that simply trusting developers doesn’t cut it.
The issue came to light when a user of the social networking app Path discovered the app had uploaded data from his iPhone address book without permission. Path apologized, but implied that grabbing address book details is effectively standard practice across the app industry.
As news of the case spread, it became clear that many major apps, particularly those relating to social networks, were accessing address book data, not always with permission.
That prompted Congress members Henry Waxman and George Butterfield to write an open letter to Apple chief Tim Cook to ask whether this was the case and if Apple’s policies was sufficient.
Technically accessing such data without user permission was already a violation of the Apple terms and conditions. However, Apple has now conceded that waiting to deal with violations once they’ve happened isn’t sufficient given the widespread abuse. Instead it’s placing address book data in the same category as location data, which means that apps are physically blocked from accessing and uploading the information until they’ve displayed a prompt screen asking (and getting) explicit permission from the user.
Twitter already informs users that it will search iPhone contact lists to suggest following friends who have an account, but says it will now use clearer language to convey this information. The existing warnings do not make clear that Twitter takes a copy of all details in the address book and keeps it from 18 months.
While Apple’s change of policy is welcome (if not overdue), it’s only one step towards changing what appears to be a wider cultural problem by which app developers assume they have the right to grab any data they can unless explicitly prevented from doing so.