Path Updates App after Being Caught Geotagging Uploaded Photos without User Consent
A new security issue has been discovered and recently patched with Path on the same day the company had to pay $800,000 in settlement with the U.S. Federal Trade Commission. Userís location may have been posted alongside uploaded photos even when Location Services had been disabled in the app.
The flaw was found by security researcher Jeffrey Paul, who detailed the problem that allows Pathís iOS app to geotag a userís photos without permission. The discovery had really poor timing for Path as the popular social network ended up on the news for settling with the FTC over similar privacy concerns. To be more specific about the issue that was discovered, Pathís iOS app was using the embedded EXIF tag location information from photos in the iOS Camera Roll to geotag posts, even when explicitly disabled in Location Services for the Path application.
As per the settlementís arrangement, Path is prohibited from making misrepresentations about the extent to which it maintains the privacy and confidentiality of usersí personal information in addition to the $800,000 penalty. Information for children under the age of 13 was said to be deleted and the company said it has already removed the previously collected data. In addition to clearing the data, the company has released an updated version of the app which is now available on the App Store having been pushed to and accepted by Apple.
Source: Jeffrey Paul
), The Next Web