What you need to know
- Congress has reached out to Google to get clarity over the company's approach to national security risks posed by foreign apps.
- In a letter, the body expressed concerns over the data of U.S. citizens being stored in foreign servers, potentially exposing them to espionage.
- Google has until the 31st of July to respond.
Google has been approached by the U.S. Congress to address issues with mobile apps originating from foreign countries. More particularly, the body expressed concern over data storage policies which could potentially form a vector for a national security intrusion.
Writing to Google, National Security Subcommittee Chairman Stephen Lynch said:
While the Subcommittee appreciates the safeguards Google has put in place to protect user privacy, we remain concerned that mobile applications owned or operated by foreign developers, or that store the user data of U.S. citizens overseas, could enable our adversaries to access significant quantities of potentially sensitive information on American citizens without their knowledge to the detriment of U.S. national security.
Aside from the controversy of TikTok, UAE messaging app ToTok briefly held the spotlight at the start of the year as a blockbuster report from the New York Times accused the app of being spyware. The danger of smartphone apps being governmental espionage tools has been spotlighted in 2020, and Congress seems to want this issue tackled.
The letter went on to say:
As an industry leader, Google can and must do more to ensure that smartphone applications made available to U.S. citizens on Google Play protect stored data from unlawful foreign exploitation, and do not compromise U.S. national security. At a minimum, Google should take steps to ensure that users are aware of the potential privacy and national security risks of sharing sensitive information with applications that store data in countries adversarial to the United States, or whose developers are subsidiaries of overseas companies.
Lynch drafted a similar letter to Apple, expressing the same concerns. Both companies have been given till the end of July to respond to the letter and address a few concerns, including a commitment to notifying users where app developers store their data in Play Store listings as well requesting developers publicly disclose whether they are a subsidiary of a foreign company.
David Pierce over at Protocol identified the concern over foreign apps as a matter of trust, arguing:
But ultimately, this isn't even just about China, [Eva Galperin, the EFF's director of cybersecurity,] told me. "The question is, how much do you trust TikTok, versus how much do you trust Facebook, versus how much do you trust Google?" American companies have no obligation to tell the truth in transparency reports, or to keep data away from the Chinese government. Unless we throw our phones in the ocean and move to the woods, we all eventually have to trust somebody.
Security isn't privacy, and you can have one without the other
