US Senator Charles Schumer (D-NY) has asked the Federal Trade Commission (FTC) to launch an investigation into Apple and Google. The request follows reports from The New York Times last week, which revealed that the companies’ mobile operating systems allow third-party apps to access users’ private photos without consent. Sen. Schumer’s request comes after last month’s privacy debacle over iOS apps uploading users’ entire address books without explicit permission from users.
“When someone takes a private photo, on a private cell phone, it should remain just that: private,” said Schumer in a statement. “Smartphone developers have an obligation to protect the private content of their users and not allow them to be veritable treasure troves of private, personal information that can then be uploaded and distributed without the consumer’s consent.”
According to the Times reports (1, 2), Apple’s iOS lets any app access a user’s photo library, as long as that person has given the app permission to access location data. On Google’s Android OS, users must only give an app permission to connect to the Internet in order for their photos to be accessed.
While the Android Market is far more open than Apple’s iTunes App Store, Google asserts that any apps that are infringing on users’ privacy can be reported and subsequently removed from the marketplace. Apple’s developer guidelines explicitly forbid any apps from accessing private user data without consent. Of course, the same guideline applied to the address books, and we all know how well that worked.
In his request, Schumer has asked the FTC to “explicitly determine whether copying or distributing personal information from smartphones, without a user’s consent, constitutes an unfair or deceptive trade practice.”
See Schumer’s full letter to the FTC below:
Dear Chairman Leibowitz,
I write today to ask the Federal Trade Commission to investigate a disturbing and potentially unfair practice in the smartphone application market. We have seen a number of reports recently about apps that are leaking user data without user knowledge. Specifically, there have been reports about apps which allow a user’s photos, videos, location data, and address books not only to be accessed by the app (and its developers) but also copied in their entirety and used for marketing or other purposes. These uses go well beyond what a reasonable user understands himself to be consenting to when he allows an app to access data on the phone for purposes of the app’s functionality.
It is my understanding that many of these uses violate the terms of service of the Apple and Android platforms through which the apps are marketed and sold. However, it is not clear whether or how those terms of service are being enforced and monitored. In fact, the abuses of apps have only come to light as a result of the work of intrepid independent researchers and technologists. As a result, it is users and their privacy who suffer.
Under your leadership, the FTC has played a critical role in monitoring the evolving privacy issues in the smartphone and online market place, for example with your recent report on apps and children’s privacy. I am confident that you will continue that great work by bringing your resources and expertise to bear in addressing this alarming new trend.
Specifically, I hope you will consider launching a comprehensive investigation to explicitly determine whether copying or distributing personal information from smart phones, without a user’s consent, constitutes an unfair or deceptive trade practice. In addition, I believe smartphone makers should be required to put in place safety measures to ensure third party applications are not able to violate a user’s personal privacy by stealing photographs or data that the user did not consciously decide to make public.
Charles E. Schumer