Last May, two weeks before the promulgation of the European Union’s General Data Protection Regulation (GDPR), Apple began to route its data protection policies towards clearer objectives, as reported by secure data destruction from the International Institute of Cyber Security.
The company took vigorous action against developers whose applications share location data, expelling them from the AppStore until they limit any code or software development kits (SDK) that could violate their location data policies.
However, members of the Energy and Trade Committee from the U.S. House of Representatives questioned Apple last Monday; why it was necessary to limit the amount of data that third-party app developers can collect from users in the first place?
Similar questions have faced the Alphabet’s CEO, Larry Page, after noticing that Gmail allowed third-party developers access to user’s inbox, as reported by secure data destruction specialists.
Last week reports began to emerge which found that Google still allows third-parties to scan the inbox, giving them access to messages, signatures and receipts, in order to implement marketing campaigns. On Thursday night a new collective lawsuit was presented against the company for the scanning of millions of private messages, according to secure data destruction experts.
The Committee wants Apple and Alphabet to answer some questions about how they have reported this third-party access to their users, their collection and use of audio recording data, and location data coming from iPhone and Android devices.
“First of all, the House of Representatives want to know if our mobile phones are really listening to our conversations. Recent reports suggested that smart devices can collect ‘unactivated’ data from users’ conversations near a smartphone by hearing a trigger phrase, such as ‘OK Google’ or ‘Hey Siri’. It has also been suggested that third-party apps have access to and use this ‘unactivated’ data without disclosure to users” the committee stated in a press release.
These questions come from an investigation that reveals that, if it is arranged, a smartphone can see and hear what the user does.
The research argues that a small portion of the 17K apps analyzed could record audio and video covertly to send the collected information to developers, manufacturers, or a third party.
The Committee sent letters to Apple and Alphabet to let them know their concerns. In the letters, the members of the Committee remind companies that users have certain expectations regarding the tracking of their devices, especially when the phone is missing the SIM card, or when someone disable localization services, such as airplane mode.
While Apple has not spoken about it, Google released a statement claiming that “protecting the privacy of users and securing their information is a matter of utmost importance. Google will continue to be available to the Energy and Trade Committee of the House of Representative regarding these issues”.
Working as a cyber security solutions architect, Alisa focuses on bug bounty and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.