Tech

Thursday 9 February 2012

Path steals users' address books; apologizes


Path, the social networking application has been storing your address book in a remote server without you being in the know. Developer, Arun Thampi noticed and published the hitch when he was trying to develop a Path 2 application for Mac OS. When Thampi was using the API to develop the application, he noticed that his entire contact list with phone numbers, names and emails was being sent as a list to Path. When Path CEO and founder Dave Morin replied to Thampi, it was discovered that this was actually an industry practice and most applications access your contact list and store it in a remote server. Morin says, "This is currently the industry best practice and the App Store guidelines do not specifically discuss contact information."
They took entire address books
They took entire address books


Point 17.1 of the App Store guidelines says, " Apps cannot transmit data about a user without obtaining the user's prior permission and providing the user with access to information about how and where the data will be used". Point 17.2 of the App Store guidelines says, "Apps that require users to share personal information, such as email address and date of birth, in order to function will be rejected." Which means, essentially what Path was doing went against the App Store guidelines.

Morin replied to Thampi's post explaining, "We upload the address book to our servers in order to help the user find and connect to their friends and family on Path quickly and efficiently as well as to notify them when friends and family join Path. Nothing more." Morin also apologized in a blog post explaining that information that a user shares with Path is stored on their servers over an encrypted connection. He also said that Path released an update to their app, version 2.0.6, which will allow users to choose to share their information, or otherwise with Path, in order to help them find friends and family. They have also deleted all the contact information collected from users from their servers.

No comments:

Post a Comment