In some cases, contents of address books are stored on app makers' own servers.
SAN FRANCISCO - The address book in smartphones -- where some of the user's most personal data is carried -- is free for app developers to take at will, often without the phone owner's knowledge.
Companies that make many of the most popular smartphone apps for Apple and Android devices -- Twitter, Foursquare and Instagram among them -- routinely gather the information in personal address books on the phone and in some cases store it on their own computers. The practice came under scrutiny Wednesday by members of Congress who saw news reports that taking such data was an "industry best practice."
Apple, which approves all apps that appear in its iTunes store, addressed the controversy Wednesday after lawmakers sent the company a letter asking how approved apps were allowed to take address book data without users' permission. Apple's published rules on apps expressly prohibit that practice.
But in its statement about the issue, Apple did not address why those apps that collect address book data had been approved.
In that statement, Tom Neumayr, an Apple spokesman, said: "Apps that collect or transmit a user's contact data without their prior permission are in violation of our guidelines. We're working to make this even better for our customers, and as we have done with location services, any app wishing to access contact data will require explicit user approval in a future software release."
The Federal Trade Commission regulates the use of consumers' data on the Internet, and in the past it has sanctioned big companies like Facebook and Google over privacy issues. It said Wednesday that it would make no comment about the app makers' practices.
While Apple says it prohibits and rejects any app that collects or transmits users' personal data without their permission, that has not stopped some of the most popular applications for the iPhone, iPad and iPod -- like Yelp, Gowalla, Hipster and Foodspotting -- from taking users' contacts and transmitting them without their knowledge.
Google, which makes the Android operating system software, forces developers to ask users for permission to access any personal data up front.
The app makers collect the data to help quickly expand the network of people using their program. The practice of taking address book information without permission first came to light last week, when a developer noticed that Path, a mobile social network, was uploading entire address books to its servers without users' knowledge. The company has since said it will stop the practice and destroy the data it has collected.
"It's time for app developers to take responsibility for ensuring that users know what they're doing, rather than leaving it to the platforms to play a game of Whac-A-Mole," said Jules Polonetsky, director of the Future of Privacy Forum, in an interview.