On Sunday, Senator Charles E. Schumer (D-N.Y.) sent a request letter to the Federal Trade Commission asking that it investigate recent reports regarding Apple's iOS and Google's Android, and how the mobile operating systems allow third-party apps to steal private photos and post them online. He sent the request to the FTC after reading an article about the private data "theft" in the New York Times.
In addition to the photo issues, Schumer's formal plea to the FTC also refers to prior reports concerning third-party applications uploading entire address books with names, telephone numbers and email addresses to their own servers without prior consent from consumers.
"Two weeks ago it was revealed that some of the most popular applications for smart phones were routinely collecting personal data from users’ address books, despite policies in place from smartphone makers like Apple that explicitly prohibit such action without the prior consent of the user," Schumer states. "After reports revealed this widespread practice, several applications announced they would end the practice. Questions remain, however, over the implementation of security policies employed by smartphone manufacturers and their oversight of applications sold on their platforms."
As previously reported, both iOS and Android feature loopholes that allow third-party apps to access photos stored on a phone or tablet. In the case of Apple's iOS, photos and videos can be freely accessed if the owner allows the app to use location data. On the Android front, the consumer merely needs to grant the app permission to access the Internet. Problem is, Google has known about its "loophole" for quite some time.
The Android problem actually stems back to the first Android smartphones which could put photos on a removable memory card. This complicated the issue of photo access, especially when multiple cards came into play, so Google simply chose to design app permissions with a lack of restrictions in regards to accessing photos.
"We originally designed the Android photos file system similar to those of other computing platforms like Windows and Mac OS," a Google spokesman said "At the time, images were stored on a SD card, making it easy for someone to remove the SD card from a phone and put it in a computer to view or transfer those images."
"This is even documented in [the Android] developer doc," an Android developer told Tom's, pointing to this document. "[For years] Android [has been able to] read all the files of your SD card. [It's] exactly like MacosX, Windows, Linux and all the OS in the world (except iOS)."
Schumer's letter calls the FTC to launch a "comprehensive investigation" to determine whether copying or distributing personal information from smartphones, without a user’s consent, constitutes an unfair or deceptive trade practice. He also wants the agency to require smartphone makers to put in place safety measures "to ensure third party applications are not able to violate a user’s personal privacy by stealing photographs or data that the user did not consciously decide to make public."
"It sends shivers up the spine to think that one’s personal photos, address book, and who-knows-what-else can be obtained and even posted online – without consent," he says. "If the technology exists to open the door to this kind of privacy invasion, then surely technology exists to close it, and that’s exactly what must happen."
"When someone takes a private photo, on a private cell phone, it should remain just that: private," he adds. "Smartphone developers have an obligation to protect the private content of their users and not allow them to be veritable treasure troves of private, personal information that can then be uploaded and distributed without the consumer’s consent."