In the wake of the Path address book debacle, Rep. Henry Waxman sends letter to Apple asking for explanation of its iOS app policies.

One week after the photo-sharing service Path began taking heat for downloading user address books without user permission, a U.S. House subcommittee said it wants to know why Apple doesn't force iOS app developers to seek user permission before downloading their contacts.

"This incident raises questions about whether Apple's iOS app developer policies and practices may fall short when it comes to protecting the information of iPhone users and their contacts," Rep. Henry A. Waxman (D-Calif.), ranking member of the Subcommittee on Commerce, Manufacturing and Trade, wrote in a letter sent to Apple CEO Tim Cook that was made public today.

Apple responded a couple of hours later, pledging to change its policy so that iOS apps which use address book data will first need the explicit permission of users. "Apps that collect or transmit a user's contact data without their prior permission are in violation of our guidelines," Apple spokesman Tom Neumayr said.

The guidelines on the Apple App Store specifically prohibit apps from transmitting data "about a user without obtaining the user's prior permission and providing the user with access to information about how and where the data will be used."

But in its letter, the committee suggested that the practice may be more common than originally thought, quoting a claim by blogger Dustin Curtis that there is a "quiet understanding among many iOS app developers that it is acceptable to send a user's entire address book, without their permission, to remote servers and then store it for future reference."