Last month it was discovered that the popular social network Path was uploading entire address books — including email addresses, names and phone numbers — to its external servers. Path’s actions were a direct violation of Apple’s terms of agreement, and the Cupertino-based company was apparently not happy. Bloomberg’s BusinessWeek reported on Thursday that Path co-founder Dave Morin was hauled into Apple’s headquarters and grilled by CEO Tim Cook and other executives on the matter. Apple remained silent as other developers were called out for stealing users’ contact data, but the company finally issued a statement claiming that “any app wishing to access contact data will require explicit user approval in a future software release.” More →
Apple remained silent as Path and other developers were called out for ostensibly stealing users’ contact data. Without asking for permission or even notifying users at all, these apps would transmit a user’s full address book to remote servers where the data would be stored for later reference. But as BGR mentioned in our post explaining how to prevent these sneaky apps from stealing contact data, Apple was partially at fault for letting these apps into the App Store. According to a statement Apple issued on Wednesday, this will no longer be the case. “Apps that collect or transmit a user’s contact data without their prior permission are in violation of our guidelines,” an Apple spokesman told All Things D. “We’re working to make this even better for our customers, and as we have done with location services, any app wishing to access contact data will require explicit user approval in a future software release.” It is unclear if or when Apple plans to remove apps already in the App Store that transmit Address Book data first without seeking permission from the user. More →
Path caused quite a stir last week when it was discovered that the app secretly transmitted users’ entire contact lists to its servers. Without giving users the option to approve the transfer or even giving an indication that this data was being sent, Path was basically stealing personal data. The company’s CEO would later apologize and a recent update makes the process more transparent, but the damage has been done and the company’s image is tarnished. Apple is known for having strict guidelines by which iOS apps are judged before being allowed in the App Store, but apparently the theft of user data falls within those guidelines. Luckily for iPhone users, one developer decided to take matters into his own hands. Read on for more. More →
Yesterday it was revealed that the popular social networking app Path was uploading entire iPhone address books to the company’s server. The data uploaded included full names, phone numbers and email addresses, and the app uploaded all this data without ever asking for permission. Dave Morin, Path’s co-founder and CEO, admitted fault on Wednesday through the company’s website and announced an update to allow users to either opt in or out of the contact collection feature. “We believe you should have control when it comes to sharing your personal information. We also believe that actions speak louder than words,” Morin said. “So, as a clear signal of our commitment to your privacy, we’ve deleted the entire collection of user uploaded contact information from our servers. Your trust matters to us and we want you to feel completely in control of your information on Path.” The company maintains that when data is transmitted to its servers, it is always sent securely through an encrypted connection and protected by industry-standard firewalls. More →
Path, the popular social network that competes with the likes of Instagram, may be uploading your iPhone’s entire address book up to its servers. Arun Thampi from mclov.in noticed the Path app’s steal data dump while trying to create a Mac OS X application for the social network during a hackathon. “Upon inspecting closer, I noticed that my entire address book (including full names, emails and phone numbers) was being sent as a plist to Path,” Thampi said, noting that Path didn’t ever ask for permission to do so. It’s unclear why Path is uploading the iPhone’s entire address book, but Thampi noticed that the social network performs the action during an API call with basic HTTP authentication. It remains unclear if Path’s Android application is also guilty of uploading personal information. Thampi has instructions on how to catch Path in the action on his blog.
UPDATE: A response from Path’s CEO follows after the break. More →