Congress is now demanding answers from Apple and Google regarding data collection on iOS and Android devices. Both Apple CEO Tim Cook and Alphabet CEO Larry Page received letters from the Energy and Commerce Committee seeking explanations about how these devices collect and use recorded audio, location information, how third-party partners and developers access data, and more.
The probe arrives just after reports surfaced that third-party developers have full access to messages in Gmail along with the recipient’s address and time stamps. The access also includes data stemming from the use of the Gmail plugin for price comparison, travel planning, and so on. So far there is no evidence that these third parties misused personal data.
As an example, Google partner Return Path reportedly scans more than 100 million emails a day sent and received by Gmail users accessing its network. The company claims that its algorithms can detect and discard personal emails from its system, but the algorithm initially miscategorized personal emails, forcing data analysts to spend several days reading 8,000 emails so they could train the system to properly label emails.
According to Google, it vets all third-party developers before granting access to Gmail messages and requires user permission. The problem is that permission requests often don’t state whether users are granting email access to a human or a computer.
The letter to Page addresses the Gmail scandal, pointing out that in June 2017, Google said content scanning in Gmail to provide personalized advertisements would halt to “keep privacy and security paramount.” But despite the promise, third-party developers still have access to Gmail content even if they’re not creating personalized advertisements.
“Google still permitted third parties to access the contents of users’ emails, including message text, email signatures, and receipt data, to personalize content. In the context of free services offered by third parties, these practices raise questions about how representations made by a platform are carried out in practice,” the letter states.
But the probe doesn’t stop there. The letter to Page points out that Android devices can/do collect “non-triggered” audio data from conversations conducted near the device to detect a “trigger” phrase. There are also suggestions that third-party apps on Android have access to and use “non-triggered” audio data without informing the device owner.
Meanwhile, Cook is feeling the heat as well. Congress points to apps still served up on the App Store that Apple deems “contradictory” to the company’s values, such as the apps provided by Google and Facebook. Apple claims it recently changed its App Store policy to limit the amount of data collected by third parties, yet they’re reading Gmail messages.
The two letters also address data collection used by cellular towers when location services, Wi-Fi, and Bluetooth are disabled, there are no installed apps, and the device doesn’t have a SIM card. Data is stored locally on the device and provided to Google once network capabilities are re-established. Congress wants to know if Apple’s products have the same data-retaining capabilities.
Updated on July 10: Added news about the two information requests.