The Find Friends app, which enables Twitter access to those contacts to search for fellow tweeters, evidently holds onto that information long after the initial search.
Now, Twitter will not say it will stop the practice, just that it will be more open about it.
“We want to be clear and transparent in our communications with users,” Twitter spokeswoman Carolyn Penner said in a statement to the Los Angeles Times. “Along those lines, in our next app updates, which are coming soon, we are updating the language associated with Find Friends — to be more explicit.”
That means “scan your contacts” will be replaced by a more explicit “upload your contacts.”
ABC News reported Wednesday that the latest controversy began when an app developer in Singapore, Arun Thampi, discovered that the social-networking service Path collected address book data from iPhones without permission.
Twitter also admitted to the practice after members of Congress sent a letter to Apple, which offers the mobile apps for those networks, expressing concern. Apple said the practice violates its terms of service for apps.
Penner told the Los Angeles Times that Twitter did not collect the names of contacts, only their e-mails and phone numbers, and stored them so that it could alert users if one of those contacts later uses the e-mail to sign up for Twitter.
It’s the latest tension in the struggle over increasingly bold steps taken by big technology to mine data wherever they can get it. Facebook and Google — which operates Google+, YouTube and Picasa — have also been rapped for rapidly changing privacy practices and policies and have fallen under the scrutiny of the Federal Trade Commission.
“In general, social-networking companies seem to prefer begging forgiveness than asking permission,” said Charles King, principal analyst at Pund-IT. “And the transient quality of the offenses — in this case, a guy in Singapore noticing his contact list has been updated, results in a quick ‘mea culpa, now let’s move on’ — is designed to minimize the exposure and embarrassment of the vendor in question.”
We’re Fed Up, but Still Taking It
King said such dust-ups “represent a fraction of what really goes on. But unless social-networking-obsessed consumers get angry and government regulatory agencies get serious, this will remain the status quo.”
Chester Wisniewski of the global cybersecurity firm Sophos said the contact raiding is more a privacy issue than a security risk, but could cross the line.
“[It] depends on how secure Twitter’s storage mechanisms are,” he said. “My understanding is that they upload e-mail addresses and phone numbers, which without other personally identifiable information is reasonably harmless.”
However: “If a user’s Twitter account was compromised it might be possible to access the uploaded e-mails, which could enable phishing attacks, etc.”