Path Uploads Your iPhone’s Entire Address Book to Their Servers
Pretty disappointing to know the we were not even given an option to opt-in; not a good case of building trust with permission.
Blogger Arun Thampi discovered something that may or may not sit right about the free social media app Path while packet sniffing the app last night. Upon first installing the app and registering for an account, Path sends each one of your contacts in your address book to their server via a. plist. The .plist includes full names, phone numbers, and e-mails.
Path makes the call “https://api.path.com/3/contacts/add” when you first create an account, and it uploads all your contacts to its server. In most people’s mind, this obviously makes them feel a little uncomfortable. Thampi details the technical aspects of this, and how you can recreate it yourself, in his blog post.
Path’s Cofounder and CEO Dave Morin commented on the situation and said iPhone users will soon be able to opt-out of the setting in an update that will roll out to the App Store shortly. Nevertheless, does that really change anything? He did not really explain why Path is doing this, and your entire address book is still on their servers. You can read Morin’s comment after the break:
We believe that this type of friend finding & matching is important to the industry and that it is important that users clearly understand it, so we proactively rolled out an opt-in for this on our Android client a few weeks ago and are rolling out the opt-in for this in 2.0.6 of our iOS Client, pending App Store approval. (Via 9 to 5 Mac)