In May, two weeks before the “we’re not kidding about this protecting user data stuff” General Data Protection Regulation (GDPR) went into effect in the EU, Apple started getting its protecting-user-data ducks in a much straighter row.
It cracked down on developers whose apps share location data, kicking them off the App Store until they cut out any code, frameworks or Software Development Kits (SDKs) that were in violation of its location data policies.
But hang on a minute… members of the US House of Representatives Energy and Commerce Committee asked Apple on Monday: why was it even necessary to limit how much data third-party app developers can collect from Apple device users in the first place?
… given that CEO Tim Cook has repeatedly told the press that Apple believes that “detailed profiles of people that have incredibly deep personal information that is patched together from several sources [shouldn’t] exist”?
Similar question to Alphabet CEO Larry Page: in June 2017, Google announced that Gmail would stop reading our email.
Nonetheless, reports surfaced last week that found the company is still allowing third parties to merrily scan away, giving them access to our email text, signatures, and receipt data, in order to target-market advertising. In fact, a new class action suit was filed against the company on Thursday night over developers’ scanning of millions of users’ private messages.
The committee wants Apple and Alphabet to answer some questions about how they’ve represented all this third-party access to consumer data, about their collection and use of audio recording data, and about location data that comes from iPhone and Android devices.
Inquiring minds want to know, for one thing, whether our mobile phones are actually listening to our conversations, the committee said in a press release.
Recent reports have… suggested that smartphone devices can, and in some instances, do, collect ‘non-triggered’ audio data from users’ conversations near a smartphone in order to hear a ‘trigger’ phrase, such as ‘okay Google’ or ‘hey Siri.’ It has also been suggested that third party applications have access to and use this ‘non-triggered’ data without disclosure to users.
We reported about that recent study – titled Panoptispy – last week. It comes from researchers at Northeastern University in Boston, who found that yes, your smartphone can watch and listen to you if it wants to.
They found that a small number of the 17,000 apps they analyzed were recording video, images or sound covertly and sending it all back to the app’s maker or a third party. On the plus side: it seems to be done not out of ill intent, but rather from misunderstandings about privacy. On the not so positive side, it lays bare the chaotic ecosystem in which apps and API developers exist, how poorly regulated it is, and how much developers can get away with if they choose to.
Here’s the full letter the lawmakers sent to Apple. Here’s the one they sent to Google’s overlord, Alphabet.
In the letters, the committee members remind Google and Apple that consumers have certain expectations about device tracking – particularly when a phone lacks a SIM card and when location services, WiFi and Bluetooth are turned off, such as when a device is in Airplane mode.
According to Gizmodo, Apple hadn’t responded to press inquiries as of Monday. Google sent this statement:
Protecting our users’ privacy and securing their information is of the utmost importance. We look forward to answering the Committee’s questions.