Updated 9:26 pm ET, Wednesday, Feb. 15
Apple on Wednesday announced a sweeping change to its guidelines for mobile applications developers in the wake of a growing scandal that started with one, relatively obscure social networking app called “Path.”
“Apps that collect or transmit a user’s contact data without their prior permission are in violation of our guidelines,” Apple spokesman Tom Neumayr told All Things D on Wednesday. “We’re working to make this even better for our customers, and as we have done with location services, any app wishing to access contact data will require explicit user approval in a future software release.”
The updated guidelines came nearly a week after a Singapore iPhone developer named Arun Thampi on February 8 discovered that his entire address book from his iPhone was being automatically scanned and sent to Path, despite it not having asked his clear expressed permission to do so. Path was apparently using the information to connect users to others who used Path in their address books.
After initially dismissing the finding as “industry best practice,” Path co-founder and CEO Dave Morin apologized for the practice on his blog, said his company deleted all of the data it collected from users and released a new version that explicitly asked users for permission to scan their contacts.
But as Morin had stated, many other popular social networking iPhone apps including Twitter, Yelp, Foursquare and Instagram all used variations of Path’s address book scan for much the same purpose, and all without explicit permission from users. Many of those networks have quietly changed their policies echoing Path’s, and Twitter told the L.A. Times it plans to do so, but now it seems that all will have to comply, as Apple has decreed it so.
The change in Apple’s policy came just hours after two members of the U.S. House of Representatives sent an open letter to Apple CEO Tim Cook and cc’ed Path’s Morin, demanding Apple answer nine questions about its guidelines for iOS developers.
As Reps. Henry Waxman (D-CA) and G.K. Butterfield (D-NC) wrote: “This incident raises questions about whether Apple’s iOS app developer policies and practices may fall short when it comes to protecting the information of iPhone users and their contacts.”
The lawmakers also asked Apple: “You have built into your devices the ability to turn off in one place the transmission of location information entirely or on an app-by-app basis. Please explain why you have not done the same for address book information.”