Tim? Larry? We need to talk about smartphones and privacy
Congress sends Apple and Alphabet a 'please explain', perhaps because Oracle asked
Oracle’s busy backgrounding about Android privacy last year appears to have helped draw US lawmakers' attention to Google and Apple.
Members of the US House Energy and Commerce Committee have jumped on a report by Quartz’s Keith Collins from November 2017 as the basis of letters to Apple CEO Tim Cook and Alphabet CEO Larry Page, demanding various details of how their respective operating systems treat users' privacy. The letters mention Collins' article (Here’s the letter to Page (PDF), and the letter to Apple (also a PDFs).
After Collins' story was published, former federal trade commission chief technologist and one-time White House staffer Ashkan Soltani claimed that Quartz's report was based on information Oracle had shopped around for several months. Reg hack Thomas Claburn therefore asked Soltani, Oracle, Google, and Quartz reporter Keith Collins about the claim. None responded.
But the theory that Oracle had something to do with the location-leaking allegations was given credence when Big Red made a similar complaint to Australia’s competition regulator.
The letter to Page wants answers on:
- When an Android phone's location services are disabled, is location information available to the phone through Wi-Fi and Bluetooth stored for upload to Google;
- Whether ‘droids collect audio data, incidentally, while they try to find “trigger phrases” like “OK Google” in speech;
- Why Google allowed third-party Gmail developers to trawl user e-mails for marketing insights.
Similar answers seem to be sought in the letter to Apple's Tim Cook. Regarding iPhone location collection, the House members ask the same question about location collection when that service is disabled, and the “trigger” question is edited to refer to Siri rather than Google. Tim Cook will have an easier time dealing at least with questions arising from the Quartz story, since it was specifically about Google even though the letter contains a reference to a mythical accompanying story on Quartz, as the non-existent URL below shows.
Who edited Quartz's Android story headline and URL to point to a non-existent Apple story, and why? Click to embiggen
The giants are also asked to detail both the access granted to, and the restrictions placed on, third party vendors publishing software in their app stores.
Also Apple-specific is a demand for information about an arrangement with RapidSOS, which Apple contracted to improve positioning accuracy in cases where an iPhone is calling emergency services (starting in the USA, for 911 calls).
So, if you’ve ever wanted to know how much the “your phone is spying on you” is real, how much is almost real, and how much is conspiracist moonshine, Apple and Alphabet's answers these letters might get you a little closer to the truth.
We might even know who thought there was a story about Apple leaking Android locations, and why they thought they would alter a URL to make it look that way. ®
Sponsored: Becoming a Pragmatic Security Leader