Apple: Apps using address data are in violation, fix to come

Company says apps collecting user contact lists without permission go against its guidelines. Apple is working on a software fix but doesn't specify a release date.

Josh Lowensohn Former Senior Writer
Josh Lowensohn joined CNET in 2006 and now covers Apple. Before that, Josh wrote about everything from new Web start-ups, to remote-controlled robots that watch your house. Prior to joining CNET, Josh covered breaking video game news, as well as reviewing game software. His current console favorite is the Xbox 360.
Josh Lowensohn
3 min read

Apple says that iOS applications that collect user contact data are in violation of the company's guidelines, and that a future software fix will prohibit this behavior.

Address book

"Apps that collect or transmit a user's contact data without their prior permission are in violation of our guidelines," Apple spokesman Tom Neumayr said. "We're working to make this even better for our customers, and as we have done with location services, any app wishing to access contact data will require explicit user approval in a future software release."

Controversy erupted earlier this month, when Path--a popular iOS and Android application--was found to be collecting user contact information without permission. Path issued an apology on the issue, saying that it was using that data to alert users to when their friends joined the social network. The company then introduced an updated version that required users to opt-in to the feature.

Yesterday a handful of reports came out profiling other apps that shared this behavior, including Foursquare and Twitter.

The issue was big enough to catch the eye of U.S. lawmakers too. A U.S. House subcommittee sent a letter to Apple this week, asking why it doesn't force app developers to ask users for permission before downloading contacts.

"This incident raises questions about whether Apple's iOS app developer policies and practices may fall short when it comes to protecting the information of iPhone users and their contacts," committee member Rep. Henry A. Waxman (D-Calif.) wrote in a letter sent to Apple CEO Tim Cook that was made public today.

Apple did not offer a specific date on when that software update would arrive. The company is currently beta-testing iOS 5.1 with developers, which is expected to make its way to consumers soon.

A history of software fixes
This is the latest privacy issue to arise from Apple's mobile operating system that has led to a patch. Last year it was the logging of user location data, which was found to be stored unencrypted. Researchers took the data, which covered up to a year's worth of location entries, and suggested that it could be used to track where users were going, including where they lived.

Apple stayed mum on the subject for a week, later addressing it as a "bug" and saying that the file was used to speed up how fast it could identify people's whereabouts inside applications, as well as fuel a crowd-sourced location database. A software update a few weeks later cut the database down to seven days, as well as keeping the file from being stored on local machines, however that didn't stop the incident from being referred to as "locationgate."

Prior to that, Apple was targeted for providing developers with unique identification numbers for users. These identifiers, known as UDIDs, were tied to the device and could not be changed, akin to something like a vehicle identification number on a car.

An in-depth report from The Wall Street Journal found that developers were sharing UDIDs with third-party ad networks, allowing them to track user activity between applications in a way that Apple itself did not offer. Apple later addressed this by phasing out UDIDs as part of iOS 5, though that wasn't enough to stop some individuals from suing Apple and a handful of developers for the practice in separate lawsuits.

CNET News senior staff writer Elinor Mills contributed to this report.