Democrat presses Google, Apple over foreign transparency

Rep. Stephen Lynch (D-Mass.) on Tuesday urged Google and Apple to be more transparent with customers about the potential data privacy dangers of foreign-made apps.

Lynch, who serves as chairman of the House Oversight and Reform Committee’s national security subcommittee, reached out to the companies following statements from the FBI and the Office of the Director of National Intelligence (ODNI) that foreign-made apps could pose a danger to consumers.

“We remain concerned that mobile applications owned or operated by foreign developers, or that store the user data of U.S. citizens overseas, could enable our adversaries to access significant quantities of potentially sensitive information on American citizens without their knowledge to the detriment of U.S. national security,” Lynch wrote in letters to Google CEO Sundar Pichai and Apple CEO Tim Cook.

Lynch previously wrote to the FBI and the ODNI in February raising concerns around foreign-made and controlled apps.

The FBI responded to Lynch earlier this month, stating in a letter that “if users voluntarily provide information to a mobile application that is based in a foreign country or that stores information in a foreign country, the information is subject to the respective foreign country’s laws, which may allow its acquisition by that country’s government.”

The ODNI backed up concerns around U.S. data used by foreign-made apps, writing in a separate response to Lynch this month that foreign mobile apps do present a security risk.

“Mobile applications developed, operated or owned by foreign entities present a potential national security risk because developers can deliberately code kill switches, backdoors or vulnerable data streams into mobile applications that allow access to the application’s software, application-generated data, or even—in some cases—the device itself,” the ODNI wrote to Lynch.

As a result of the concerns from the intelligence agencies, Lynch asked Google and Apple to commit to requiring app developers to disclose the countries where user data is stored, make this information available to customers considering downloading the app, and also asked whether the companies would consider further changes to protect data privacy.