Apple to respond to Congressional inquiry, but are guidelines enough?

Filed Under: Apple, Featured, iOS, Privacy

Apple logoIn response to the outrage expressed by iOS users over the transmission of their address books to the cloud without their permission by application developers Path and Hipster, Apple is promising to more strictly oversee privacy in a future revision.

US Congressmen Wexler and Butterfield have asked Apple to respond to some serious questions about privacy abuses by developers who sell their wares on the App Store.

The real issue here is the closed nature of the platform. Typical Apple mobile device users have no ability to know if these applications are taking their photos, contacts or just about anything else from their device.

Officially, Apple's guidelines tell iOS developers that they must ask for explicit permission from users before transmitting their contact information to their services. The problem? These are guidelines, not rules, implying compliance isn't entirely mandatory. And because Apple restricts access to publish on the App Store, no one else can audit apps, or even provide tools to offer protection, outside of its control.

Apple seems willing to take pains to ensure iPhone users don't have access to applications showing breasts, but has approved dozens of applications that fly in the face of its guidelines.

In my opinion this places the onus on Apple to ensure their users are safe. Apple is the sole decider and arbiter with regards to our privacy on their platform.

I am pleased to hear the company is going to introduce a new release of iOS that will require permission to access this information, but is it too little, too late?

Apple has an important decision ahead of it. Do they "own" the platform and therefore all of the behaviors of their developers?

Or do they decide to open the platform so that users and third parties can make their own informed decisions as to what they want to share and when?

, , , , ,

You might like

6 Responses to Apple to respond to Congressional inquiry, but are guidelines enough?

  1. gmd · 794 days ago

    lol, we have the core of sophos's reasons right here "because Apple restricts access to publish on the App Store, no one else can audit apps, or even provide tools to offer protection, outside of its control" ie sophos does not do good business with the mac world & feels shut out, so we get lots of articles attacking apple & trying to up the scare quotient so sophos can create a market! You are so transparent guys! Ok you have built a fine business on the back of Microsoft selling substandard products but stop trying to create big issues where there are none!

    • Jonathan · 794 days ago

      gmd, you might want to find a bridge nearby and jump off of it. Preferably as fast as possible. Nowhere in this comment can anything that might be rendered a coherent, adequate thought be found.

      The closed-down sandboxing operating system that Apple uses causes headaches for them left and right. They absorb responsibilities as a corporation by doing so, instead of leaving it up to the community as most other computing technology companies have. That's the only point here.

  2. Robert Gracie · 794 days ago

    I think they should face a very very very hefty fine because after all that they have done it should be done they have to be made examples of

  3. Hope Apple is forthcoming and more consumer protective.

  4. Sharp · 794 days ago

    Can you explain what the point of them uploading the addressbooks to the cloud was for? There must have been a reason they tried to explain on why it was done.

    The best part is the people who where wronged will get nothing out of it, and the company will get to keep the users information they do have to continue sell and distribute, while the app is removed from the store. Apple will release a new Iphone for the event to profit off the situtation with the new IOS, and this Path and Hipster will still be a company to recreate the app and find other means to stealing your data.

    Personally I don't see how the Iphone is costing just as much as the Ipad, and I am interested in neither, as I don't consider them any better than androids os and App store. Except Android allows anyone to upload apps, and it tells you what permissions your giving the app the moment you download/install with an accept dialog.

  5. Sharp · 794 days ago

    @gmd
    "In response to the outrage expressed by iOS users over the transmission of their address books to the cloud without their permission by application developers Path and Hipster"

    What makes you think Apple has any security, or cares about the security of your data? Sophos only gives the facts and keeps up on security vulnerabilities and solutions, they review Apple apps just as much as everything else, because hackers only care for large markets, and apple has stepped into a large market world with IOS, with lots of vulnerabilities that basic users don't know about. I consider this a great issue of concern when your address book is posted on a cloud for all to see. What do you store in your address book? Names and numbers only? or do you have addresses, email addresses, birthdates, etc.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski, on App.net as Chester, Chester Wisniewski on Google Plus or send him an email at chesterw@sophos.com.