updated 10:30 pm EST, Mon March 5, 2012
Senator believes they can fix problems themselves
New York Democratic Senator Charles Schumer has reported that both Apple and Google have agreed to meet with him to discuss potential security risks posed by developer access to user data, and that his intention is to encourage the companies to "find a way on their own" to prevent iOS and Android apps from accessing private information without the users' knowledge. He told The New York Times that both companies were "open to the idea."
Schumer expressed confidence that the issue of apps accessing user data, such as address books or photos -- sometimes under the guise of requesting "location" information, sometimes without informing the user at all -- could be resolved by the companies without the need for regulation. He said both companies were "friendly" and acknowledged that changes needed to be made.
Last year, both companies were asked to testify to the US Senate and the Federal Trade Commission (FTC) about the safeguards of user location information after it was discovered that both operating systems kept records of previous locations, though in the case of iOS Apple was able to show that neither developers nor Apple itself had misused the data, but rather had simply not taken steps to encrypt or prevent potential abuse of the data. Apple quickly altered the location-storing code in iOS to delete outdated records more quickly and prevent unauthorized access. Apple has already promised to close unauthorized developer access to other user data in a future iOS update.
Schumer also sent a copy of his letter requesting more information from Apple and Google to the FTC, which would be the next step if the two companies either refuse or cannot come up with a way to better protect user data from being accessed covertly. The FTC has already been vocal in warning tech companies to be more vigilant in protecting consumers' privacy. The agency previously warned that legislation could follow if OS providers didn't do more to make data sharing more transparent to the user and dependent on users' permission.