From ACM TechNews:
Mobile Apps Take Data Without Permission
New York Times
(02/15/12) Nicole Perlroth
Many smartphone applications for Apple and Android devices routinely gather personal address book information, often without notifying the user, and store that information on the app developer's computers. The U.S. Congress recently sent Apple a letter asking how approved apps were allowed to take that information without users' permission, especially when Apple's rules on apps expressly prohibit that practice. "We’re working to make this even better for our customers, and as we have done with location services, any app wishing to access contact data will require explicit user approval in a future software release," say Apple's Tom Neumayr. Although Google forces Android developers to ask users for permission to access any personal data up front, they often are not told how the information will be used or how the company plans to store it. "It’s time for app developers to take responsibility for ensuring that users know what they’re doing, rather than leaving it to the platforms to play a game of Whac-A-Mole," says Future of Privacy Forum director Jules Polonetsky. Many developers are changing their apps before Congress steps in, making updates and warning users about how the information is collected.