FOR IMMEDIATE RELEASE: March 5, 2012
SCHUMER CALLS FOR FTC INVESTIGATION OF APPLE AND ANDROID PHONE PLATFORMS THAT ALLOW APPS TO STEAL PRIVATE PHOTOS AND ADDRESS BOOKS AND POST THEM ONLINE – WITHOUT CONSUMER’S CONSENT
United States Senator Charles E. Schumer today called for the Federal Trade Commission to launch an investigation into reports that smartphone applications sold on the Apple and Android platforms are allowed to steal private photos and customers address books. This past week, the New York Times revealed that iPhone and Android applications downloaded by users can actually gain access to a customer’s private photo collection, and in some cases share the information online. This latest report comes on the heels of the discovery last month that applications on Apple devices like the iPhone and iPad were able to upload entire address books with names, phone numbers, and email address to their own servers. In both cases, users were not notified that their private information stored on their phone and or iPad could be copied and used by third party applications.
“When someone takes a private photo, on a private cell phone, it should remain just that: private,” said Schumer. “Smartphone developers have an obligation to protect the private content of their users and not allow them to be veritable treasure troves of private, personal information that can then be uploaded and distributed without the consumer’s consent.”
According to reports by independent technologists, two separate loopholes, one in the Apple operating system and one in the Android operating system, allow apps to gather users’ photos. In the case of Apple, if a user allows the application to use location data, which is used for GPS-based applications, they also allow access to the user’s photo and video files that can be uploaded to outside servers. In the case of Android-based applications, the user only needs to allow the application to use Internet services as part of the app for third parties to gain access to photo albums.
“It sends shivers up the spine to think that one’s personal photos, address book, and who-knows-what-else can be obtained and even posted online – without consent. If the technology exists to open the door to this kind of privacy invasion, then surely technology exists to close it, and that’s exactly what must happen. The rapid innovation in technology, which is wonderful, must not also become an open invitation to violate people’s privacy willy-nilly. When a consumer makes a private phone call or sends a letter the old fashioned way, they have a very reasonable expectation that the communication is private. The same standard must apply to our new technologies, too,” continued Schumer.
Two weeks ago it was revealed that some of the most popular applications for smart phones were routinely collecting personal data from users’ address books, despite policies in place from smartphone makers like Apple that explicitly prohibit such action without the prior consent of the user. After reports revealed this widespread practice, several applications announced they would end the practice. Questions remain, however, over the implementation of security policies employed by smartphone manufacturers and their oversight of applications sold on their platforms.
Schumer today, in a letter to the Federal Trade Commission, called for the agency to launch a comprehensive investigation to explicitly determine whether copying or distributing personal information from smartphones, without a user’s consent, constitutes an unfair or deceptive trade practice. Schumer is also urging the agency to require smart phone makers put in place safety measures to ensure third party applications are not able to violate a user’s personal privacy by stealing photographs or data that the user did not consciously decide to make public.
A copy of Schumer’s letter to the FTC can be found below.
Dear Chairman Leibowitz,
I write today to ask the Federal Trade Commission to investigate a disturbing and potentially unfair practice in the smartphone application market. We have seen a number of reports recently about apps that are leaking user data without user knowledge. Specifically, there have been reports about apps which allow a user’s photos, videos, location data, and address books not only to be accessed by the app (and its developers) but also copied in their entirety and used for marketing or other purposes. These uses go well beyond what a reasonable user understands himself to be consenting to when he allows an app to access data on the phone for purposes of the app’s functionality.
It is my understanding that many of these uses violate the terms of service of the Apple and Android platforms through which the apps are marketed and sold. However, it is not clear whether or how those terms of service are being enforced and monitored. In fact, the abuses of apps have only come to light as a result of the work of intrepid independent researchers and technologists. As a result, it is users and their privacy who suffer.
Under your leadership, the FTC has played a critical role in monitoring the evolving privacy issues in the smartphone and online market place, for example with your recent report on apps and children’s privacy. I am confident that you will continue that great work by bringing your resources and expertise to bear in addressing this alarming new trend. Specifically, I hope you will consider launching a comprehensive investigation to explicitly determine whether copying or distributing personal information from smart phones, without a user’s consent, constitutes an unfair or deceptive trade practice. In addition, I believe smartphone makers should be required to put in place safety measures to ensure third party applications are not able to violate a user’s personal privacy by stealing photographs or data that the user did not consciously decide to make public.
Charles E. Schumer