WASHINGTON — Several social media companies came under fire last week after the discovery that they were downloading users’ full address books – without their knowledge or consent.
Programmer Arun Thampi discovered last week that Path, a social journal application, downloaded his entire iPhone address book, including names, phone numbers and email addresses, without his consent. Path executives responded by explaining that the data were used as part of a method to find other users on the network. They have since promised to delete the data and improve the transparency of their app.
Path, however, is far from the only social media app that downloads information without permission, according to a Los Angeles Times interview with Path CEO Dave Morin. Morin said downloading information this way “is currently the industry best practice and the App Store guidelines do not specifically discuss contact information.”
Twitter, a much more prominent social media network than Path, uses similar data collecting practices. According to the Times, Twitter executives confirmed that the “find friends” feature on the Twitter mobile app allows the company to download users’ entire address books, including email addresses and phone numbers, and store them for up to 18 months.
On the Twitter mobile app, the “find friends” feature allows a user to “scan your contacts for people you already know on Twitter,” but does not inform users that their address book information is being downloaded.
In a statement, Twitter spokeswoman Carolyn Penner said new updates on the app would add transparency to the downloading process by “updating the language associated with Find Friends — to be more explicit. In place of ‘Scan your contacts,’ we will use “Upload your contacts” and “Import your contacts.”
The Path news also brought scrutiny of Apple for its policy regarding apps that download user information. According to The Washington Post, the Android version of Path warned users about the information collection, while the Apple version did not.
The New York Times reported that according to Lookout, a mobile security company, more than 10 percent of free apps in the iTunes store had access to user contacts.
“What separates malicious use from legitimate use is the element of surprise. If a user is surprised, that’s a problem,” Kevin Mahaffey, Lookout’s chief technology officer, told The New York Times.
In response to these issues, Reps. Henry Waxman, D-Calif., and G.K. Butterfield, D-N.C., both members of the House Energy and Commerce committee, sent a letter to Apple questioning the implications of the company’s privacy standards.
The letter said the discovery of Path receiving information “raises questions about whether Apple’s iOS app developer policies and practices may fall short when it comes to protecting the information of iPhone users and their contacts,” according to Reuters.
An Apple spokesman responded by suggesting that apps that collect user data without permission violate Apple guidelines, according to Reuters.
“We’re working to make this even better for our customers, and as we have done with location services, any app wishing to access contact data will require explicit user approval in a future software release,” the spokesman told Reuters.
