A congressional committee on Tuesday sent letters to Apple and Google urging both companies to closely monitor the collection and possible exploitation of user data by third-party apps affiliated with foreign entities.
In letters addressed to Apple CEO Tim Cook and Google CEO Sundar Pichai, the Congressional Committee on Oversight and Reform expressed concern over the security implications of storing user data on foreign soil. Foreign app makers, those with connections to foreign bodies and domestic companies that store information on offshore servers are named as potential threats to U.S. national security.
Stephen F. Lynch, Chairman of the Subcommittee on National Security, noted steps taken by other countries to combat the specter of nefarious data operations include legislation that requires companies to store data on local servers and, in some cases, outright bans on foreign apps. Congress seeks similar protections, but is reluctant to adopt targeted policies that come at the cost of "inhibiting innovation, enabling censorship, and restricting the movement of ideas across a free and open internet."
Instead, Lynch places the onus on Apple and Google, whose operating systems run on nearly all smartphones in the U.S.
Specifically, the government asks the tech giants to exercise policing power through their respective app stores, a task that would entail monitoring where developers store user data. That information would be reported and passed on to customers via App Store listings.
"As an industry leader, Apple can and must do more to ensure that smartphone applications made available to U.S. citizens on the AppStore [sic] protect stored data from unlawful foreign exploitation, and do not compromise U.S. national security," Lynch writes. "At a minimum, Apple should take steps to ensure that users are aware of the potential privacy and national security risks of sharing sensitive information with applications that store data in countries adversarial to the United States, or whose developers are subsidiaries of overseas companies."
Lynch also asks Apple and Google to commit to app store policy that would require developers to divulge whether they are a corporate subsidiary of a foreign entity. This information, too, would be available to consumers under the plan. The chairman offered a similar suggestion in January, to which both Apple and Google responded that no statutory or regulatory limitations would prevent such action.
In his letter to Apple on Tuesday, Lynch asks if the company has removed an app from the App Store for "suspicious or nefarious exploitation of user data by foreign governments." He further solicits suggestions on how to best protect against unwanted data collection by foreign entities.
Engadget reported on the letters earlier today.
The call to action comes amid revived concerns that third-party apps, especially those from China, Russia and the Middle East, are siphoning off potentially sensitive information from U.S. app users.
Apple currently employs a wide array of privacy features across its operating systems. A new tool in the upcoming iOS 14, for example, notifies users when a third-party app accesses the system clipboard. Though still in beta form, media coverage of the feature and its preliminary results prompted corrective action from apps like TikTok and LinkedIn.