or Connect
AppleInsider › Forums › Mobile › iPhone › US congressmen send letter to Apple inquiring about iOS address book security
New Posts  All Forums:Forum Nav:

US congressmen send letter to Apple inquiring about iOS address book security

post #1 of 39
Thread Starter 
Following a controversy surrounding the iPhone social networking application "Path," two members of the U.S. Congress have sent a letter to Apple Chief Executive Tim Cook seeking answers on the security of user address books and contacts stored on iOS devices.

Reps. G.K. Butterfield (D-N.C.) and Henry A. Waxman (D-Calif.) issued the letter to Cook on Wednesday, questioning whether Apple's iOS application developer policies and practices adequately protect consumer privacy.

The letter follows a controversy that arose earlier this month when social networking application "Path" was revealed to be uploading users' address books to its servers without asking for permission. The activity was discovered and publicized by developer Arun Thampi.

Last week, Path offered a public apology for its activities, and modified its software so that users could opt out of the address book upload. The company said the data was used to streamline the application's "Add Friends" feature, and not to collect sensitive information.

The letter from Waxman and Butterfield has requested Apple's response to nine questions. They pertain to user security and how Apple defines whether an application is suitable for users to download to their iPhone.

The government questioning is similar to a separate incident from last year, when a U.S. senator and congressman pushed Apple for answers about a location database controversy that arose. The issue gained attention after security researchers discovered a database file in iOS 4 that stored a large amount of location data representing cellular towers and Wi-Fi hotspots accessed by an iPhone.

Apple explained that the location database file was intended to improve location tracking services on the iPhone, but the size of the file grew to be large because of a programming glitch. The issue was quickly resolved with a software update.

The latest issue is not a result of a glitch in the iOS operating system, but a feature that Apple allows to developers that could potentially be abused. The congressmen are concerned that other applications are uploading users' address book information without their knowledge. The full letter is included below:
Quote:
February 15, 2012
Mr. Tim Cook
Chief Executive Officer, Apple Inc.
1 Infinite Loop
Cupertino, CA 95014

Dear Mr. Cook:
Last week, independent iOS app developer Arun Thampi blogged about his discovery that the social networking app “Path” was accessing and collecting the contents of his iPhone address book without ever having asked for his consent. The information taken without his permission – or that of the individual contacts who own that information – included full names, phone numbers, and email addresses. Following media coverage of Mr. Thampi’s discovery, Path’s Co-Founder and CEO Dave Morin quickly apologized, promised to delete from Path’s servers all data it had taken from its users’ address books, and announced the release of a new version of Path that would prompt users to opt in to sharing their address book contacts.

This incident raises questions about whether Apple’s iOS app developer policies and practices may fall short when it comes to protecting the information of iPhone users and their contacts.

The data management section of your iOS developer website states: “iOS has a comprehensive collection of tools and frameworks for storing, accessing, and sharing data. . . . iOS apps even have access to a device’s global data such as contacts in the Address Book, and photos in the Photo Library.” The app store review guidelines section states: “We review every app on the App Store based on a set of technical, content, and design criteria. This review criteria is now available to you in the App Store Review Guidelines.” This same section indicates that the guidelines are available only to registered members of the iOS Developer Program. However, tech blogs following the Path controversy indicate that the iOS App Guidelines require apps to get a user’s permission before “transmit[ting] data about a user”.

In spite of this guidance, claims have been made that “there’s a quiet understanding among many iOS app developers that it is acceptable to send a user’s entire address book, without their permission, to remote servers and then store it for future reference. It’s common practice, and many companies likely have your address book stored in their database.” One blogger claims to have conducted a survey of developers of popular iOS apps and found that 13 of 15 had a “contacts database with millions of records” – with one claiming to have a database containing “Mark Zuckerberg's cell phone number, Larry Ellison’s home phone number and Bill Gates’ cell phone number.”

The fact that the previous version of Path was able to gain approval for distribution through the Apple iTunes Store despite taking the contents of users’ address books without their permission suggests that there could be some truth to these claims. To more fully understand and assess these claims, we are requesting that you respond to the following questions:
\t1. Please describe all iOS App Guidelines that concern criteria related to the privacy and security of data that will be accessed or transmitted by an app.
\t2. Please describe how you determine whether an app meets those criteria.
\t3. What data do you consider to be “data about a user” that is subject to the requirement that the app obtain the user’s consent before it is transmitted?
\t4. To the extent not addressed in the response to question 2, please describe how you determine whether an app will transmit “data about a user” and whether the consent requirement has been met.
\t5. How many iOS apps in the U.S. iTunes Store transmit “data about a user”?
\t6. Do you consider the contents of the address book to be “data about a user”?
\t7. Do you consider the contents of the address book to be data of the contact? If not, please explain why not. Please explain how you protect the privacy and security interests of that contact in his or her information.
\t8. How many iOS apps in the U.S. iTunes Store transmit information from the address book? How many of those ask for the user’s consent before transmitting their contacts’ information?
\t9. You have built into your devices the ability to turn off in one place the transmission of location information entirely or on an app-by-app basis. Please explain why you have not done the same for address book information.

Please provide the information requested no later than February 29, 2012. If you have any questions regarding this request, you can contact Felipe Mendoza with the Energy and Commerce Committee Staff at 202-226-3400.


Sincerely,

Henry A. Waxman
Ranking Member

G.K. Butterfield
Ranking Member

Subcommittee on Commerce, Manufacturing, and Trade


cc: Dave Morin
Path, Co-Founder and CEO

[ View article on AppleInsider ]
post #2 of 39
Clowns. F***** attention seeking clowns

Windows survivor - after a long, epic and painful struggle. Very long AAPL

Reply

Windows survivor - after a long, epic and painful struggle. Very long AAPL

Reply
post #3 of 39
if they really cared about address book security they should be looking into android and apps that send there data to china
post #4 of 39
Quote:
Originally Posted by Red Oak View Post

Clowns. F***** attention seeking clowns

Pretty much. Did you see what they were requesting? They need to RTFM. They may have legitimate questions, but this is one ham-fisted way to go about it.
post #5 of 39
1) And yet without any security or accountability in place for Android they simply don't care unless it's regarding an Apple product. Android is winning¡

2) Apple really needs to make this an item in Settings like Location Data that shows you what apps have access to your Address Book or other sensitive parts of your personal info. While Path now asks you permission this should not be up to the developer but built-in protection from Apple. I blame Apple here.

3) Do they get full access to your Address Book, including notes because I put a lot of personal data into notes.

"The real haunted empire?  It's the New York Times." ~SockRolid

"There is no rule that says the best phones must have the largest screen." ~RoundaboutNow

Reply

"The real haunted empire?  It's the New York Times." ~SockRolid

"There is no rule that says the best phones must have the largest screen." ~RoundaboutNow

Reply
post #6 of 39
This is stupid. He should have written to Microsoft and Google instead.
post #7 of 39
Quote:
Originally Posted by Sector7G View Post

if they really cared about address book security they should be looking into android and apps that send there data to china

That's pure deflection of the iOS issue at hand. Android apps also UP FRONT on installation tell you which permissions the app will be using, including the address book. If you don't read and just accept and continue that's your problem.
I'm not a pessimist. I'm an optimist, with experience.
Reply
I'm not a pessimist. I'm an optimist, with experience.
Reply
post #8 of 39
Quote:
Originally Posted by SolipsismX View Post

1) And yet without any security or accountability in place for Android they simply don't care unless it's regarding an Apple product. Android is winning¡

Boohoo. This has nothing to do with Android, WP7, webOS, RIM or anyone else. That's a typical deflection argument when something is wrong and you want to avoid an uncomfortable topic. Android at least tells you on app installation what it's using including the address book.

Quote:
2) Apple really needs to make this an item in Settings like Location Data that shows you what apps have access to your Address Book or other sensitive parts of your personal info. While Path now asks you permission this should not be up to the developer but built-in protection from Apple. I blame Apple here.

That is the crux of the whole issue. Well said.
I'm not a pessimist. I'm an optimist, with experience.
Reply
I'm not a pessimist. I'm an optimist, with experience.
Reply
post #9 of 39
Quote:
Originally Posted by thataveragejoe View Post

That's pure deflection of the iOS issue at hand. Android apps also UP FRONT on installation tell you which permissions the app will be using, including the address book. If you don't read and just accept and continue that's your problem.

then in this case all apple needs its a little message which says your data can be transmitted . no i think its more about the security of the data and android phones have had real breaches, that should be there concern
post #10 of 39
Quote:
Originally Posted by Sector7G View Post

then in this case all apple needs its a little message which says your data can be transmitted . no i think its more about the security of the data and android phones have had real breaches, that should be there concern

Nothing about this story/article has ANYTHING to do with Android. Bringing it up is simply trolling. This letter is just a publicity stunt and overblown, but there still is an issue that should be addressed.
I'm not a pessimist. I'm an optimist, with experience.
Reply
I'm not a pessimist. I'm an optimist, with experience.
Reply
post #11 of 39
Quote:
Originally Posted by thataveragejoe View Post

Nothing about this story/article has ANYTHING to do with Android. Bringing it up is simply trolling. This letter is just a publicity stunt and overblown, but there still is an issue that should be addressed.

yeah its a publicity stunt, because the real danger is with the addresses stored on android phones, and having a option on this forum is not trolling, just admit your post was worthless
post #12 of 39
And once again, everyone forgets that this could happen on their Macs and PCs for decades.

Anyone could write a desktop app that sends your outlook db to a server, or your address book database.
post #13 of 39
Quote:
Originally Posted by Sector7G View Post

because the real danger is with the addresses stored on android phones

Source? Proof? Relevant to an iOS issue and letter to Apple only how?

...what I thought. Case closed.
I'm not a pessimist. I'm an optimist, with experience.
Reply
I'm not a pessimist. I'm an optimist, with experience.
Reply
post #14 of 39
Let's see..about 20 years of widespread internet usage where at any time, a desktop application could upload any portion of a user's hard drive contents - still true today, btw, and now you clowns think that there needs to be a security lock on the address book? GFR!

Do you know how many productivity apps rely on the shared address book? (clue: it's a lot)

This is why you don't download and run just any piece of software. Use your head.

-Bloop
post #15 of 39
Quote:
Originally Posted by Satorical View Post

Pretty much. Did you see what they were requesting? They need to RTFM. They may have legitimate questions, but this is one ham-fisted way to go about it.

But is this really the job of Congress? Perhaps the DoJ, but Congress? Don't they have more important things to worry about? Like actually passing a budget? It's been over a 1000+ days since the Senate passed a budget.
post #16 of 39
From the desk of Tim Cook
Apple Inc.
1 Infinite Loop

Dear Henry,

1. No.
2. No.
3. Just read our rules.
4. No.
5. Plenty.
6. What do you think?
7. What do you think?
8. So you need to know this why?
9. Because we give our developers the benefit of the doubt that they won't be worthless idiots.

Sincerely,

Tim Cook

Originally Posted by Marvin

The only thing more insecure than Android’s OS is its userbase.
Reply

Originally Posted by Marvin

The only thing more insecure than Android’s OS is its userbase.
Reply
post #17 of 39
Quote:
Originally Posted by thataveragejoe View Post

Nothing about this story/article has ANYTHING to do with Android. Bringing it up is simply trolling. This letter is just a publicity stunt and overblown, but there still is an issue that should be addressed.

No sure I agree with this statement. I think if a company is being singled out, then it's OK to notice and comment about it.
post #18 of 39
Quote:
Originally Posted by thataveragejoe View Post

Source? Proof? Relevant to an iOS issue and letter to Apple only how?

...what I thought. Case closed.

what type of retard are you calling it case closed before i had time to reply? you're really trying scrambling to not look like a complete fool you've made of yourself

heres a link of proof

http://www.ibtimes.co.uk/articles/25...discovered.htm
post #19 of 39


I see the Foxconn thing has run it's course, and this is the new flavor of the day. NEXT.
post #20 of 39
Quote:
Originally Posted by capoeira4u View Post

This is stupid. He should have written to Microsoft and Google instead.

How do you know they didn't?
post #21 of 39
Quote:
Originally Posted by Sector7G View Post

what type of retard are you calling it case closed before i had time to reply? you're really trying scrambling to not look like a complete fool you've made of yourself

heres a link of proof

http://www.ibtimes.co.uk/articles/25...discovered.htm

"IEEE went on to suggest that the high number of infected apps and smartphones was a consequence of a lack of understanding by the public regarding cyber-security."

Yes, we all know there's supposedly bad apps out there...if you sideload suspicious apps (not in Google Market), bypass security, ignore warnings, and run them anyway you'll (may) be infected. Ingenious. Same could be said for PC malware. Where's the outrage of users of stolen info? Where are big app developers like Path surprised they ended up with all this unexpected user data? Don't see any. No one's denying there's potential security risks to an open app pool instead of something like the AppStore. Point is, two issues are nothing alike.

Actually the Verge summed up this whole thing pretty well.
http://www.theverge.com/2012/2/14/27...u-need-to-know
I'm not a pessimist. I'm an optimist, with experience.
Reply
I'm not a pessimist. I'm an optimist, with experience.
Reply
post #22 of 39
We are $15 Trillion dollars in debt. And the Presidents budget submission on Monday increases it to $22 Trillion over the next 10 years. We are all f***** unless we fix it. Kiss all your investments, including AAPL, goodbye

Meanwhile, these Congressmen have the time to dive into this

Windows survivor - after a long, epic and painful struggle. Very long AAPL

Reply

Windows survivor - after a long, epic and painful struggle. Very long AAPL

Reply
post #23 of 39
Quote:
Originally Posted by Curmudgeon View Post

But is this really the job of Congress? Perhaps the DoJ, but Congress? Don't they have more important things to worry about? Like actually passing a budget? It's been over a 1000+ days since the Senate passed a budget.

So let me understand this... These politicians are concerned about my personal information being secure while passing law after law allowing warrantless eavesdropping, routing of all email traffic through CIA/NRO scanning, scanning wireless communications globally with Echelon, monitoring every currency transaction, and then scanning me through my clothes at the airport (and apparently planned for city streets!) just in case they missed something. I'm supposed to be worried about my address book???

Um, OK. I guess I'd have a few questions back at them. A$$hats.

(edit)
And yes, a balanced budget would be really nice too, but why do that when you can wage permanent war and enact policies for decades that undercut our own economy instead while pandering to special interests instead?
post #24 of 39
Dear Congressman, it's called a phone book.
post #25 of 39
Quote:
Originally Posted by Sector7G View Post

what type of retard are you calling it case closed before i had time to reply? you're really trying scrambling to not look like a complete fool you've made of yourself

heres a link of proof

http://www.ibtimes.co.uk/articles/25...discovered.htm

You're absolutely correct that it's not simply an "iOS issue".

What does come as a surprise to some iOS users (tho probably not many here) is that there really is a problem with some applications, even popular ones, harvesting personally identifiable information or location data without the user's knowledge. I don't fault Apple for this really, as it's unreasonable to think they have the time to use check, and later re-check every app available on the App Store to make certain they aren't taking user data for purposes they have no permission for. By the same token users have been lulled into believing that with a curated app store they don't have to worry about having their contacts, or search history, or location or other personal info used without their knowledge as they would on the Android Market.

It's a simple fact of app stores, just one Apple is better at keeping out of view: If you use a number of mobile apps there's a good chance you're giving up some personal information without specifically being aware of it.

http://venturebeat.com/2012/02/14/iphone-address-book/
melior diabolus quem scies
Reply
melior diabolus quem scies
Reply
post #26 of 39
Quote:
Originally Posted by Slurpy View Post



I see the Foxconn thing has run it's course, and this is the new flavor of the day. NEXT.

Whatever keeps Apple in the news, I guess.

Proud AAPL stock owner.

 

GOA

Reply

Proud AAPL stock owner.

 

GOA

Reply
post #27 of 39
Quote:
Originally Posted by SolipsismX View Post

1) And yet without any security or accountability in place for Android they simply don't care unless it's regarding an Apple product. Android is winning¡

2) Apple really needs to make this an item in Settings like Location Data that shows you what apps have access to your Address Book or other sensitive parts of your personal info. While Path now asks you permission this should not be up to the developer but built-in protection from Apple. I blame Apple here.

3) Do they get full access to your Address Book, including notes because I put a lot of personal data into notes.

Yep, I too am curious what Address Book Info is being Uploaded to the Servers! Twitter has to be held accountable too:

Twitter admits to storing iPhone contact info for 18 months | Electronista http://j.mp/A1AyCR

Quote:
Originally Posted by thataveragejoe View Post

Nothing about this story/article has ANYTHING to do with Android. Bringing it up is simply trolling. This letter is just a publicity stunt and overblown, but there still is an issue that should be addressed.

Maybe it's a stunt, but it's even more SERIOUS than the LOCATIONGATE!!!! Locations constantly change, unlike Phone ###!!!! Google/Android must be Held Accountable too, not just Apple!!!

MOST IMPORTANT:

The Control must be given back to the USERS, so that by Opting Out of such Unintentional Sharing, they can UNDO this Disaster with OPT OUT = DELETE THAT INFO FROM A SERVER!!!!

If such DELETION is not made available, then it's like a dog barking at a tank! We are being steamrolled over, and, as soon those Server get hacked, it gets worse!!!!

Apple SHOULD have NOT Allowed this, and same goes for Google and any other Smart Phone OS, or ANY OS, including FACEBOOK!!!

Facebook offered to Find My Friend, if I shared my Email Address and Password with them. Of Course I DECLINED!!!! And now I read that Twitter might have already took that Info, and I CAN NOT UNDO THAT???

I don't care if this letter or whatever other inquiries look like a PR Stunt!!! This IRRESPONSIBLE INFO SHARING is a STRAIGHT PATH to IDENTITY FRAUD, because some people might have to much Private Info in their Address Books!!!!!!!!!!!! So... I don't mind Politicians HOLDING ALL THOSE ACTORS FEET TO THE FIRE!!!!!!!!! APPLE, GOOGLE, FACEBOOK, TWITTER etc...........

And it's NOT EASY for me to say all that, because I LOVE APPLE!!!! Even though, at this very moment, Apple Care is putting me through HELL!!!!!!!!!!!!!!!!!!!, while Iran is manipulating Wall Street, and Republicans blam Everything on Obama!

Hey, at least I am healthy, wishing ALL GREAT HEALTH TOO!!!!!!!!!!!!!!!!!!!

Go  Apple!!!

Reply

Go  Apple!!!

Reply
post #28 of 39
Men At Work!

Who can it be knocking at my door?
Go 'way, don't come 'round here no more.
Can't you see that it's late at night?
I'm very tired, and I'm not feeling right.
All I wish is to be alone;
Stay away, don't you invade my home.
Best off if you hang outside,
Don't come in - I'll only run and hide.

Who can it be now?
Who can it be now?
Who can it be now?
Who can it be now?
If you are going to insist on being an ass, at least demonstrate the intelligence to be a smart one
Reply
If you are going to insist on being an ass, at least demonstrate the intelligence to be a smart one
Reply
post #29 of 39
Quote:
Originally Posted by Red Oak View Post

We are $15 Trillion dollars in debt. And the Presidents budget submission on Monday increases it to $22 Trillion over the next 10 years. We are all f***** unless we fix it. Kiss all your investments, including AAPL, goodbye

Meanwhile, these Congressmen have the time to dive into this

They are all rats fighting over various cheeses for our attention.

Proud AAPL stock owner.

 

GOA

Reply

Proud AAPL stock owner.

 

GOA

Reply
post #30 of 39
Quote:
iOS apps even have access to a device’s global data such as contacts in the Address Book, and photos in the Photo Library.

Ha-ha. That's funny. Whoever made home video and some bedroom pictures on their iPhones, do not be surprised to get exposed on adult web sites.
post #31 of 39
Quote:
Originally Posted by SolipsismX View Post


2) Apple really needs to make this an item in Settings like Location Data that shows you what apps have access to your Address Book or other sensitive parts of your personal info. While Path now asks you permission this should not be up to the developer but built-in protection from Apple. I blame Apple here.

3) Do they get full access to your Address Book, including notes because I put a lot of personal data into notes.

great points: http://www.appleinsider.com/articles...ress_book.html

TechnoMinds

We are a Montreal based technology company that offers a variety of tech services such as tech support for Apple products, Drupal based website development, computer training and iCloud...

Reply

TechnoMinds

We are a Montreal based technology company that offers a variety of tech services such as tech support for Apple products, Drupal based website development, computer training and iCloud...

Reply
post #32 of 39
I do agree that nobody should have your address book sitting on their servers!

Yet once again, Apple is one of many who host apps that can do this, yet they are going to get all the blame. Why is that?

personally, among other reasons, I think this might even be a case of senators who are doing insider trading.

It's certainly possible, as they have yet to ban it for members of congress.

Today Apple's stock went up > 525 and then, out of the blue, CNBC says 'this would be a good time to take your profits' and they proceed to announce that the stock would be 'a good buy at 470' and some more blather about hedge funds needing to cash out of Puts so they can get back into AAPL 'Long'. I thought, hmmmm... I bet the stock falls like a rock down to 470. Here it goes. Here's the stories too, to back up a 'reason' why the stock would tank so much so fast. So many many stories all of a sudden.

This game is so insulting. Did anybody else manage to time this swing? We need new representatives. Do they think we aren't noticing this crap?

I'm still rooting for AAPL, trying to bring great products into the world despite all this bullshit.
What is really factored into the price is a kind of perpetual sense of disbelief that any company could be as good as Apple is. ~Retrogusto
Reply
What is really factored into the price is a kind of perpetual sense of disbelief that any company could be as good as Apple is. ~Retrogusto
Reply
post #33 of 39
Quote:
Originally Posted by SpamSandwich View Post

They are all rats fighting over various cheeses for our attention.


Agreed. While Rome burns to the ground

Windows survivor - after a long, epic and painful struggle. Very long AAPL

Reply

Windows survivor - after a long, epic and painful struggle. Very long AAPL

Reply
post #34 of 39
Quote:
Originally Posted by mrstep View Post

So let me understand this... These politicians are concerned about my personal information being secure while passing law after law allowing warrantless eavesdropping, routing of all email traffic through CIA/NRO scanning, scanning wireless communications globally with Echelon, monitoring every currency transaction, and then scanning me through my clothes at the airport (and apparently planned for city streets!) just in case they missed something. I'm supposed to be worried about my address book???

Um, OK. I guess I'd have a few questions back at them. A$$hats.

(edit)
And yes, a balanced budget would be really nice too, but why do that when you can wage permanent war and enact policies for decades that undercut our own economy instead while pandering to special interests instead?


YES - EXACTLY - GREAT REPLY REGARDING THE COMPLETE IDIOCY BY OUR 'LEADERS'. I'm hoping for even MORE protection from myself.
post #35 of 39
Quote:
Originally Posted by capoeira4u View Post

This is stupid. He should have written to Microsoft and Google instead.

Agree! As an iPhone user I am mainly concerned about MS and Google contact list security.
post #36 of 39
Oh lets pick on Apple. We can't compete with them on a creative scale or be original. So lets look for ways to discredit them. Hmm. I think there are some android and samsung reps behind this.
An Apple man since 1977
Reply
An Apple man since 1977
Reply
post #37 of 39
Quote:
Originally Posted by palomine View Post

I do agree that nobody should have your address book sitting on their servers!

Yet once again, Apple is one of many who host apps that can do this, yet they are going to get all the blame. Why is that?

personally, among other reasons, I think this might even be a case of senators who are doing insider trading.

Insider trading is actually corporate perks to senators and congressmen. It is only called insider trading when non government officials do it.
An Apple man since 1977
Reply
An Apple man since 1977
Reply
post #38 of 39
Quote:
Originally Posted by bongo View Post

Agree! As an iPhone user I am mainly concerned about MS and Google contact list security.

On Android if an app will access your contact list you'll be notified and your permission required before the app is installed. According to Apple an iOS update at some future point will add the same requirement to Apple's mobile devices.
melior diabolus quem scies
Reply
melior diabolus quem scies
Reply
post #39 of 39
Quote:
Originally Posted by thataveragejoe View Post

Boohoo. This has nothing to do with Android, WP7, webOS, RIM or anyone else. That's a typical deflection argument when something is wrong and you want to avoid an uncomfortable topic. Android at least tells you on app installation what it's using including the address book.

I agree to disagree with you on this one...

Its to different things to access the Address book and upload it to somewhere! Yoy can't be shure about it on android other than you can't say what it does with your addressbook. Espessially with special apps like that path one. It might be to much to ask for the user to know how one really benefits of the app needing access. It might need it for some elements but without trying you really can't say can you?

Apple should have made it a warning to other appdevelopers to kick the Path developer out of the store for 2 months because of the breach in contract!!! Because that's what it really is!!!!
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: iPhone
  • US congressmen send letter to Apple inquiring about iOS address book security
AppleInsider › Forums › Mobile › iPhone › US congressmen send letter to Apple inquiring about iOS address book security