Apple’s response comes after growing criticism that the company has given developers too much leeway with users’ contact data. Mobile social network Path was the first to take the fall for uploading users’ address books without their explicit consent, but other apps–including Facebook, Twitter, Foursquare, and Yelp–also upload and store users’ address books, sometimes without permission.
Although Path apologized, and services like Instagram and Foursquare made their process more transparent, the issue has been serious enough to prompt members of Congress to send Apple an inquiry.
A letter from House representatives Henry Waxman (D-CA) and G.K. Butterfield (D-NC) to Apple CEO Tim Cook questioned “whether Apple’s iOS and developer policies and practices may fall short when it comes to protecting the information of iPhone users and their contacts.”
Apple says that its guidelines state developers must have users’ permission to access and transmit contact data.
“Apps that collect or transmit a user’s contact data without their prior permission are in violation of our guidelines,” Apple spokesman Tom Neumayr told AllThingsD.
Clearly, this guideline is not enough, so Apple will be issuing an update.
“We’re working to make this even better for our customers, and as we have done with location services, any app wishing to access contact data will require explicit user approval in a future software release,” an Apple spokesman told AllThingsD and Reuters.
While requiring explicit user permission is something that should have been implemented in the first place, this update will be a very welcome security patch.
Follow Melanie Pinola (@melaniepinola) and Today@PCWorld on Twitter