Apple and Google should warn users about the ‘national security risks’ of apps developed by foreign entities, says the chairman of the congressional Subcommittee on National Security, Rep. Stephen Lynch.

Lynch has written to both tech giants arguing that apps by ‘our adversaries’ could be used to gather sensitive information on American citizens …

The letter seems carefully worded to refer to China and Russia without ever explicitly saying so.

Lynch says that it would not be reasonable to go as far as banning foreign apps, or to require them to store user data on US servers, but Apple should alert users of the App Store to potential privacy risks.

Mobile applications developed, operated or owned by foreign entities present a potential national security risk because developers can deliberately code kill switches, backdoors or vulnerable data streams into mobile applications that allow access to the application’s software, application-generated data, or even—in some cases—the device itself, and because application owners/operators can filter, censor, corrupt, intercept, and illegitimately divert or share data generated by applications.

The letter calls on Apple to answer four multi-part questions by the end of the month.

As an industry leader, Apple can and must do more to ensure that smartphone applications made available to U.S. citizens on the AppStore protect stored data from unlawful foreign exploitation, and do not compromise U.S. national security. At a minimum, Apple should take steps to ensure that users are aware of the potential privacy and national security risks of sharing sensitive information with applications that store data in countries adversarial to the United States, or whose developers are subsidiaries of overseas companies.

The letter to Google is identical, simply substituting the company name.

  • In its January 10, 2020, letter, Apple advised that it is not aware of any statutory or regulatory limitations that would prohibit it from requiring application developers to provide the locations where user data will be stored. (a) Will Apple commit to requiring developers to disclose the countries in which they store user data collected by their applications? (b) Will Apple commit to making this information available to consumers in its application listings on the AppStore?
  • Will Apple commit to requiring developers to disclose whether they are a corporate subsidiary of a foreign entity? Will Apple commit to making this information available to consumers in its application listings on the AppStore?
  • Has Apple previously removed a third-party application from the AppStore due to suspicious or nefarious exploitation of user data by foreign governments? Please describe the circumstances; and
  • Does Apple have additional recommendations that would better protect user data stored on third-party applications from foreign collection and exploitation? For example, would Apple consider notifying users in the AppStore if certain applications collect especially personal or sensitive information?

Popular video-sharing app TikTok has come under increasing fire, with Secretary of State Mike Pompeo going so far as to say the White House was considering banning the app from the US. It is also being investigated by the Justice Department to see whether it broke promises made last year to address child privacy concerns. TikTok insists that all data for US users is stored on US servers.