Apple says that iOS applications that collect user contact data are in violation of the company's guidelines, and that a future software fix will prohibit this behaviour.
"Apps that collect or transmit a user's contact data without their prior permission are in violation of our guidelines," Apple spokesperson Tom Neumayr said. "We're working to make this even better for our customers, and as we have done with location services, any app wishing to access contact data will require explicit user approval in a future software release."
Controversy erupted earlier this month, when Path — a popular iOS and Android application — was found to be collecting user contact information without permission. Path issued an apology on the issue, saying that it was using that data to alert users to when their friends joined the social network. The company then introduced an updated version that required users to opt in to the feature.
Earlier this week a handful of reports came out profiling other apps that shared this behaviour, including Foursquare and Twitter.
The issue was big enough to catch the eye of US lawmakers, too. A US House subcommittee sent a letter to Apple this week, asking why it doesn't force app developers to ask users for permission before downloading contacts.
"This incident raises questions about whether Apple's iOS app developer policies and practices may fall short when it comes to protecting the information of iPhone users and their contacts," committee member Rep Henry A. Waxman (D-Calif.) wrote in a letter sent to Apple CEO Tim Cook that was made public on Wednesday.
Apple did not offer a specific date on when that software update would arrive. The company is currently beta-testing iOS 5.1 with developers, which is expected to make its way to consumers soon.
A history of software fixes
This is the latest privacy issue to arise from Apple's mobile operating system that has led to a patch. Last year it was the logging of user location data, which was found to be stored unencrypted. Researchers took the data, which covered up to a year's worth of location entries, and suggested that it could be used to track where users were going, including where they lived.
Apple stayed mum on the subject for a week, later addressing it as a "bug" and saying that the file was used to speed up how fast it could identify people's whereabouts inside applications, as well as fuel a crowd-sourced location database. A software update a few weeks later cut the database down to seven days, as well as keeping the file from being stored on local machines; however, that didn't stop the incident from being referred to as "locationgate".
Prior to that, Apple was targeted for providing developers with unique identification numbers for users. These identifiers, known as UDIDs, were tied to the device and could not be changed, akin to something like a vehicle identification number on a car.
An in-depth report from The Wall Street Journal found that developers were sharing UDIDs with third-party ad networks, allowing them to track user activity between applications in a way that Apple itself did not offer. Apple later addressed this by phasing out UDIDs as part of iOS 5, though that wasn't enough to stop some individuals from suing Apple and a handful of developers for the practice in separate lawsuits.