Washington, D.C. – Today, Rep. Stephen F. Lynch, the Chairman of the Subcommittee on National Security, sent letters to Google and Apple seeking information related to whether they require mobile application developers to disclose potential overseas affiliations before making their products available to U.S. users.   

“Congress has a responsibility to protect the privacy of American citizens and the national security of the United States while foreign entities and governments invest in economic and technological advancement,” wrote Chairman Lynch.  “Deliberate, thorough, and transparent oversight of foreign operated mobile applications promotes these goals.” 

Recent reporting suggests that foreign companies and developers could be providing sensitive data to their host governments on U.S. citizens via their mobile applications, such as TikTokGrindr, and FaceApp, creating significant national security risks. 

“By collecting personal information on U.S. government personnel who have access to classified information, foreign adversaries may attempt to expose them to blackmail, tailor intelligence spotting or recruitment activities to specific targets, or exert undue foreign influence in U.S. policymaking,” continued Chairman Lynch.  “In addition, artificial intelligence could enable foreign adversaries to manipulate user-provided data to create profiles on average U.S. citizens that could be leveraged in future military conflicts or diplomatic disputes.”

In November, in response to a letter from Minority Leader Charles Schumer, the FBI wrote, “The FBI considers any mobile application or similar product developed in Russia ... to be a potential counterintelligence threat, based on the data the product collects, its privacy and terms of use policies, and the legal mechanisms available to the Government of Russia that permit access to data within Russia's borders.”

Under U.S. law, mobile applications may collect massive amounts of personal, possibly sensitive information with their users’ consent as a condition of service.  In the United States, the data that mobile device users voluntarily share with applications is protected under the Fourth Amendment, which prohibits unreasonable government searches and seizures.  However, when mobile applications are owned, operated, or developed by a foreign entity, there is a risk that foreign governments might be able to access that information, irrespective of whether the data is stored on servers in the United States or abroad.

“Given the pervasiveness of smartphone technology in the United States, as well as the vast amounts of information stored on those devices, foreign adversaries may be able to collect sensitive information about U.S. citizens, which presents serious and immediate risks for U.S. national security,” Chairman Lynch continued. 

Chairman Lynch asked Google and Apple to provide information relating to whether they require mobile application developers to disclose their potential overseas affiliations before making their products available on their platforms.

You can read the letter to Google CEO Sundar Pichai here.

You can read the letter to Apple CEO Timothy Cook here.