A U.S. senator has called on the Federal Trade Commission to investigate both Apple and Google over claims that applications running on their mobile operating systems violate user privacy.
In a letter sent to the FTC and reported by Reuters yesterday, Sen. Charles Schumer (D-N.Y.) said recent accusations that personal information is being accessed by mobile applications goes "beyond what a reasonable user understands himself to be consenting to when he allows an app to access data on the phone for purposes of the app's functionality." He asked the FTC to force smartphone makers to implement safeguards that ensure data is not being accessed without a user's expressed consent.
Both Apple and Google came under fire last month after a popular mobile application, Path, was found to be collecting user contact information without permission. After the company issued an apology, several reports cropped up, detailing how a host of other applications across both iOS and Android were accessing data without the user's expressed consent. Soon after, lawmakers sounded off on the issue.
"This incident raises questions about whether Apple's iOS app developer policies and practices may fall short when it comes to protecting the information of iPhone users and their contacts," Rep. Henry A. Waxman (D-Calif.) wrote in a letter sent to Apple CEO Tim Cook last month.
Apple had been quick to respond, telling CNET in a statement that "apps that collect or transmit a user's contact data without their prior permission are in violation of our guidelines." The company also said that a future software update to iOS 5 will prohibit developers from engaging in those activities.
For users, the implications are at least a little worrisome. The flaws found in the operating systems pave the way for developers to access everything from contacts to photos. Allowing an app to do that is one thing, but finding out that an application is allegedly accessing it without permission is another.
Apple faced similar criticisms over iOS privacy last year when researchers found that the operating system was collecting user locations and storing them unencrypted for anyone to see. After Apple classified the issue as a "bug," it updated the software to ensure data was only stored for a period of seven days and wouldn't be kept unencrypted on local machines.
In a statement e-mailed today to CNET, Google explained itself a bit, stating how it designed Android and what it might do to address the flaw in the coming months.
"We originally designed the Android photos file system similar to those of other computing platforms like Windows and Mac OS," a Google representative stated in the e-mail. "At the time, images were stored on a SD card, making it easy for someone to remove the SD card from a phone and put it in a computer to view or transfer those images."As phones and tablets have evolved to rely more on built-in, non-removable memory, we're taking another look at this and considering adding a permission for apps to access images," the spokesperson continued. "We've always had policies in place to remove any apps on Android Market that improperly access your data."
The FTC has so far not publicly responded to Schumer's request. Apple did not immediately respond to CNET's request today for comment on the matter.
Updated at 10:50 a.m. PT with Google's response.