Congress urges Apple and Google to curb foreign app data sharing

Top Democrats have called on Apple and Google to prevent smartphone apps from compromising national security by sharing data with foreign entities “including China and Russia”, as viral video app TikTok faces a potential US ban over its Beijing ties.

In letters sent on Tuesday to Apple chief executive Tim Cook and Google chief executive Sundar Pichai, Stephen Lynch, the Democratic congressman who chairs the House oversight subcommittee for national security, wrote: “As industry leaders, Apple and Google can and must do more to ensure that smartphone applications made available to US citizens on their platforms protect stored data from unlawful foreign exploitation, and do not compromise US national security.”

Mr Cook and Mr Pichai are both expected to testify before Congress on July 27, alongside Jeff Bezos of Amazon and Facebook’s Mark Zuckerberg, to face questions from the House judiciary antitrust subcommittee.

While Mr Lynch did not name specific apps, he cited evidence from the office of the US director of national intelligence, who said last week that mobile apps made or owned by foreign entities could present a “national security risk” because “developers can deliberately code . . . backdoors or vulnerable data streams” into apps that could grant access to software, data, “or even — in some cases — the device itself.”

He added, however, that banning some smartphone apps altogether might inhibit innovation and enable censorship.

The letters come as Trump administration officials have suggested they are exploring banning TikTok, which is owned by one of China’s largest private companies, ByteDance, and has exploded in popularity among American teens during the pandemic. At the same time, Republican and Democratic lawmakers alike have introduced a series of measures taking a more hawkish stance on China in recent months.

Last week,US secretary of state Mike Pompeo said the administration might look to block Chinese-owned apps including TikTok over national security fears. Meanwhile, White House trade adviser Peter Navarro on Fox News accused TikTok and Chinese app WeChat of sending user data to the Chinese Communist party, which could then be used “for blackmail and extortion” as well as “information warfare”.

Concerns over TikTok’s Chinese roots, as well as its data-gathering practices, have also spurred some corporations to take action. In the US, Wells Fargo last week ordered staff to delete TikTok from their work devices citing privacy and security concerns. Amazon issued a similar directive but then retracted it, calling it an error.

TikTok did not immediately respond to a request for comment. According to its privacy policy, the company stores American user data on servers in the US or Singapore. However, the company also says it “may share . . . information with a parent, subsidiary, or other affiliate of our corporate group”.

India has already taken the step of banning dozens of apps made by Chinese companies, including TikTok, over security concerns after more than 20 Indian soldiers died in a border dispute with Chinese troops, inflaming anti-China sentiment in the country.

House Democrats have been probing the national security risks of foreign smartphone apps for months, requesting information from tech platforms as well as national security officials and the FBI.

Responding to one request, FBI officials told the committee last week that if US consumers “voluntarily provide information to apps based in foreign countries, that information is subject to the respective foreign country’s laws, which may allow its acquisition by that country’s government”.

Responding to an earlier request, Apple said in January that it does not require app developers to say where user data is stored, adding: “[Apple] does not decide what user data a third-party app can access, the user does.”

Google has previously said its Play Store requires developers to “limit their collection of personal and sensitive user information,” but it acknowledged that some developers may store data in multiple countries.