Faced with reports that app developers are scooping up iPhone users' address books without their permission, Apple said it intends to put a stop to the practice.
"As we have done with location services, any app wishing to access contact data will require explicit user approval in a future software release," spokesperson Tom Neumayr said in an email.
Apple's statement comes the same day that Reps. Henry Waxman (D-Calif.) and G.K. Butterfield (D-N.C.) asked the company to explain how it ensures that app developers adhere to guidelines that prohibit them from downloading users' data without their permission.
The congressional inquiry was sparked by recent reports that the mobile social network Path collected and stored users' address books without their knowledge. Path CEO Dave Morin apologized last week, and said the company would delete the data.
But lawmakers say in their letter to Apple CEO Tim Cook that the incident "raises questions about whether Apple's iOS app developer policies and practices may fall short when it comes to protecting the information of iPhone users and their contacts."
The lawmakers also reference recent news reports alleging that downloading address books is a widespread practice. "Claims have been made that 'there's a quiet understanding among many iOS app developers that it is acceptable to send a user's entire address book, without their permission, to remote servers and then store it for future reference,' " the letter states.
After news broke about Path, it emerged that other mobile app developers also were gathering and storing data about users' contacts. Twitter, for instance, asks mobile users if they want the company to "scan" their contacts to find friends, but doesn't explicitly tell people that it will also store some data -- including friends' emails and phone numbers -- for up to 18 months, the Los Angeles Timesreported on Wednesday. A Twitter spokesperson told the Los Angeles Times that the company intends to revise its language to ask users whether they want to "upload" or "import" their contacts.
When app developers import users' address books, the developers aren't just gleaning sensitive data about users, but are also amassing databases of phone numbers of users' friends -- including public figures who typically keep that information confidential.
The lawmakers say that one blogger recently reported that a popular app developer claims to have a contacts database that includes phone numbers for Facebook CEO Mark Zuckerberg, Microsoft co-founder Bill Gates and Oracle CEO Larry Ellison.
The lawmakers have asked Cook to answer a host of questions by Feb. 29, including how many iTunes apps that transmit address-book data first ask users for their permission.