Dev Discovers Path App Uploading Entire iPhone Address Book to its Servers

[Akshay Masand]

The popular and elegant mobile social networking app, Path, has come under heavy criticism after developer Arun Thampi discovered that the app uploads users’ address books to its servers without asking for permission. The whole ordeal was discovered by Thampi when he encountered the back-end feature while attempting to hack the application to run on the Mac OS X. After he went public with the news, it sparked quite a bit of backlash from users who viewed the address book upload as a violation of their privacy.

The Path CEO, Dave Morin, quickly responded to Thampi by clarifying that the upload was meant to help users find their friends. The Android version of Path recently switched to opt-in and Morin said that an update to the iPhone version would also be switched to opt-in and was awaiting approval from Apple. The address book upload feature even seems to appear to violate Apple’s own App Store guidelines. Apple clearly states that “apps cannot transmit data about a user without obtaining the users’ prior permission and providing the user with access to information about how and where the data will be used.”

The Cupertino California company has taken a strong vocal stance on protecting its customers’ privacy on the App Store. This was seen when the company unveiled its in-app subscriptions feature for the storefront last year, where it stated that privacy is “a key feature of all App Store transactions.” Publishers initially argued against Apple’s insistence that subscriber details should not be automatically forwarded to them.

Path launched in 2010 as a social journal that was meant to be more private than other broader social networking services like Facebook or Twitter. Although the application received good reviews, it failed to gain much traction until its relaunched last November. After its relaunch, the app’s user base grew from 10,000 to 300,000 in just two and a half weeks. It should be noted that Path isn’t alone in implementing this debatable feature. Several developers have reported that other apps do the “exact same thing.”

Source: Arun Thampi (blog)

[TOT_tomdora]

Well, I've never heard of it until now. Guess I'll just stay away from it.

[Spyruf]

same

[exNavy]

I'm curious to know how many jailbreak applications have done this? It seems the app store has a recurring problem with this issue. Just wondering as apple loves to state how bad jailbreaking is when they would appear to have more serious issues with their walled garden.

[s0ulp1xel]

Well, I've never heard of it until now. Guess I'll just stay away from it.

same here

[Lohand]

One Word, FIREWALL-IP! It would have squashed all of that nonsense!
ModMyi.com | Firewall iP

PS Yllier got MAD SKILLZ! Sayin...

[Razz]

At least the app store has a vetting system (although obviously not perfect). Imagine the data being transmitted via all those jb apps that are vetted by no one.

[tomdotcom]

I'm curious to know how many jailbreak applications have done this? It seems the app store has a recurring problem with this issue. Just wondering as apple loves to state how bad jailbreaking is when they would appear to have more serious issues with their walled garden.

That's a very good point. When you look at stuff like this and also see the number of apps that get taken down from the App Store after they are found to contain features like tethering, it makes you wonder what Apple's mysterious vetting process involves.

I appreciate how many apps get submitted to the App Store, but it's not as if Apple can't afford to hire a few more people to keep up with the workload.

[celeron]

Well, I've never heard of it until now. Guess I'll just stay away from it.

Same here

[Aehmlo]

At least the app store has a vetting system (although obviously not perfect). Imagine the data being transmitted via all those jb apps that are vetted by no one.

True, the potential is there, but only if you add non-default sources. All the default repos have been checked by the maintainer to ensure that apps do not violate user's privacy. Also, in the case that one would slip through, the community is a great vetting source. The community can help take apps down, and often they do. This is why I love the jailbreak community.

[DaMan05]

I remember that apps used to have to ask to access your address book? I think it was like Viber or something that used to ask. But it doesn't anymore.

I think this should be required just like location and push notifications.

[Aehmlo]

I remember that apps used to have to ask to access your address book? I think it was like Viber or something that used to ask. But it doesn't anymore.

I think this should be required just like location and push notifications.

+1 BTW I love Facebook's implementation of "Request for Permissions"

[rocky5]

TVCatchup does the same as this app & top make matters worse it has absolutely no reason to access our contacts.