Apple has answered several questions about its data collection practices posed by House Republicans on the Energy and Commerce committee last month. Four senior Republicans on the committee including chairman Greg Walden, R-Ore., pressed the technology giant on whether its operating systems allowed for its companies or outside app developers to use data from smartphones “in ways that consumers do not expect.”
House Republicans sent the July letter after reports that Google’s Android phones were capable of collecting data from a phone’s microphone through its voice assistant, even when consumers hadn’t triggered the assistant. It sent letters to both Apple and Google – which, together, control the two largest operating systems – asking whether that was true. It also asked whether the companies collect location information the background when Bluetooth or other technologies capable of tracking a phone’s location were turned off.
The letters followed broader scrutiny of the way technology giants collect and use data in ways that may infringe on Americans’ privacy.
Apple in its response, which it shared with The Washington Post, said that its Siri voice assistant does not collect data unless it hears the trigger phrase, “Hey Siri.” The company also said it does not share any “Siri utterances” to third parties. Apple in the letter also laid out many of the policies it has shared publicly about its data collection and data use practices, which reflect what consumers see in the privacy policies they’re asked to review when they buy an Apple device.
The company did reveal for the first time how many apps it rejects from its App Store for failing to comply with its policies – nearly 40 percent of submissions don’t make the cut.
“The App Review team reviews more than 100,000 submissions per week, and reject approximately 36,000 of those submissions,” Apple’s director of federal government affairs, Timothy Powderly, told the committee.
Apple’s letter also outlined its data policies for a new feature in its iOS 12 operating system, which will automatically share location data with partner firm RapidSOS during emergency calls. Apple requires RapidSOS to delete messages that contain “Enhanced Emergency Data” collected during 911 calls, such as a caller’s estimated longitude and latitude, within 12 hours after receiving it. If an emergency call is found to be invalid – an accidental dial, for example – RapidSOS is supposed to discard that information immediately.
Both companies were asked to respond to the July 9 letter by July 28; Apple spokesman Fred Sainz confirmed that the company asked for an extension. Google did not respond to a request for comment.
A spokeswoman for the House Energy and Commerce committee said that “both companies have been cooperative thus far. The Committee looks forward to reviewing and analyzing the responses as we consider next steps.