Apple will update iOS to require user permission for apps to access contact data
"Apps that collect or transmit a user's contact data without their prior permission are in violation of our guidelines," Apple spokesman Tom Neumayr said in a statement to AllThingsD. "Weâre working to make this even better for our customers, and as we have done with location services, any app wishing to access contact data will require explicit user approval in a future software release."
The official statement came quickly after two U.S. congressmen sent a letter to Apple Chief Executive Tim Cook, asking for more information about Apple's security and privacy policies on the iPhone. The controversy stems from an iPhone social networking application, "Path," which was discovered to be uploading users' address book data to the company's servers without user authorization.
For its part, Path issued an apology and gave users the option to opt out, stating that the data was being used to streamline the application's "Add Friends" feature. But Apple, in its official comment on Wednesday, made it clear that the actions taken by Path are in violation of its iOS developer guidelines.
Reps. G.K. Butterfield (D-N.C.) and Henry A. Waxman (D-Calif.) issued the letter to Cook on Wednesday, questioning whether Apple's iOS application developer policies and practices adequately protect consumer privacy. Apple's official response came mere hours after the letter was made public.
The events share some similarities with last year's location database controversy, in which members of the U.S. government demanded answers from Apple about a file found hidden in the iPhone operating system that kept an extensive log of location data. Apple said the crowd-sourced data, which represented cellular towers and Wi-Fi hotspots pinged by the iPhone, was intended to give users faster response times when using location-based services.
That controversy quickly became a non-issue when Apple issued an iOS software update, which reduced the size and scope of the database file, and gave users the ability to delete it by turning off location services on their iPhone.