House Democrat questions Google, Apple over handling of foreign-linked apps

A House Democrat pressed Google and Apple this week to provide information on whether they require mobile app developers to disclose foreign affiliations prior to the apps being offered to consumers, citing specific concerns around apps TikTok and FaceApp.

Rep. Stephen Lynch (D-Mass.), who serves as chairman of the House Oversight and Reform Subcommittee on National Security, sent letters to Google CEO Sundar Pichai and Apple CEO Tim Cook on Friday highlighting his concerns around foreign governments potentially having access to the personal data of Americans due to foreign-affiliated apps.

“U.S. laws permit mobile applications to collect massive amounts of personal information about their users as long as the users consent to the collection of that information as a condition of service,” Lynch wrote. “However, many smartphone owners are not aware that by consenting to an application’s service agreement, they are authorizing the application to access significant quantities of personal, and oftentimes sensitive, information.”

Lynch noted that “the extent to which this information is secured, either through encryption or alternative mechanisms, as well as the degree to which user data is shared, varies across applications.”

The lawmaker pointed to ongoing security and privacy concerns around popular video app TikTok and dating app Grindr, both of which are affiliated with Chinese ownership, as well as photo editing app FaceApp, which was developed by a St. Petersburg-based company. 

“Given the pervasiveness of smartphone technology in the United States, as well as the vast amounts of information stored on those devices, foreign adversaries may be able to collect sensitive information about U.S. citizens, which presents serious and immediate risks for U.S. national security,” Lynch wrote.

The lawmaker asked that the companies respond to questions including how they determine whether to offer an app to consumers, if they require the app developers to provide information on which country user data will be stored in, and whether the companies have each established “baseline data protection” practices that app developers must comply with.

Lynch gave Cook and Pichai until Jan. 10 to respond to his questions. Neither Google nor Apple immediately responded to The Hill’s requests for comment on the letters.

The letters were sent as concern grows on Capitol Hill surrounding foreign-owned and affiliated apps.

Earlier this month, Senate Minority Leader Charles Schumer (D-N.Y.) shared a letter from the FBI in response to his concerns about the security of FaceApp.

Jill Tyson, the assistant director of the FBI’s Office of Congressional Affairs, wrote to Schumer that “the FBI considers any mobile application or similar product developed in Russia, such as FaceApp, to be a potential counterintelligence threat, based on the data the product collects, its privacy and terms of use policies, and the legal mechanisms available to the Government of Russia that permit access to data within Russia’s borders.”

Concerns around TikTok have been even more widespread, with the U.S. inter-agency Committee on Foreign Investment in the United States currently investigating the company. Lawmakers on both sides of the aisle have also raised concerns about where the company stores its data on Americans.

Critics of TikTok point to a Chinese intelligence law that requires Chinese organizations and citizens to “support, assist, and cooperate with Chinese intelligence work.”

TikTok has pushed back against allegations that the Chinese government can access data of Americans, with the company saying that this data is stored on servers outside of China.