Washington, D.C. – Today, U.S. Representative Stephen F. Lynch, the Chairman of the Subcommittee on National Security, sent letters to Apple and Google after the Office of the Director of National Intelligence (ODNI) and the Federal Bureau of Investigation (FBI) confirmed that mobile applications developed, operated, or owned by foreign entities, including China and Russia, could potentially pose a national security risk to American citizens and the United States.
“As industry leaders, Apple and Google can and must do more to ensure that smartphone applications made available to U.S. citizens on their platforms protect stored data from unlawful foreign exploitation, and do not compromise U.S. national security,” Chairman Lynch wrote. “At a minimum, Apple and Google should take steps to ensure that users are aware of the potential privacy and national security risks of sharing sensitive information with applications that store data in countries adversarial to the United States, or whose developers are subsidiaries of foreign companies.”
On February 26, 2020, Chairman Lynch wrote to FBI Director Christopher Wray and Acting Director of National Intelligence Richard Grenell requesting information on whether mobile applications developed, operated, or owned by foreign entities pose a potential national security risk.
On July 7, 2020, ODNI told the Subcommittee, “Mobile applications developed, operated or owned by foreign entities present a potential national security risk because developers can deliberately code kill switches, backdoors or vulnerable data streams into mobile applications that allow access to the application’s software, application generated data, or even — in some cases — the device itself, and because application owners/operators can filter, censor, corrupt, intercept, and illegitimately divert or share data generated by applications.”
On July 10, 2020, the FBI told the Subcommittee, “[I]f users voluntarily provide information to a mobile application that is based in a foreign country or that stores information in a foreign country, the information is subject to the respective foreign country's laws, which may allow its acquisition by that country's government.”
On December 13, 2019, Chairman Lynch sent letters to Apple and Google requesting information about whether the companies require mobile application developers to disclose potential overseas affiliations before making their products available to U.S. users.
Apple confirmed that it does not require developers to submit “information on where user data (if any such data is collected by the developer’s app) will be housed” and that it “does not decide what user data a third-party app can access, the user does.”
Google stated that it does “not require developers to provide the countries in which their mobile applications will house user data” and acknowledged that “some developers, especially those with a global user base, may store data in multiple countries.”
In today’s letters, Chairman Lynch seeks commitments from Apple and Google to require information from application developers about where user data is stored, and to make users aware of that information prior to downloading the application on their mobile devices.
Click here to ready today’s letter to Apple.
Click here to read today’s letter to Google.