An iOS developer has made a surprising and somewhat alarming discovery about the iPhone app published by social network Path. Arun Thampi of Singapore was digging around in Path when he discovered that the app uploads the entire contents of the user’s iPhone address book to Path’s servers.
Thampi broke the news in a post on his blog earlier today, where he also posted screenshots and a detailed explanation of the process he used to make his discovery. While Thampi is quick to say that he isn’t accusing Path of anything insidious, he also calls the fact that the app uploads his entire address book “a little creepy.” Path users are not asked to opt-in in order to allow their address book to be uploaded, nor are they even informed that the app does so.
Not long after the post went up on Thampi’s blog, Dave Morin, CEO and Co-Founder of Path, posted a comment to explain the situation. He assured Thampi (and all his readers) that Path takes this issue very seriously. He said that Paul uploads users’ address books “in order to help the user find and connect to their friends and family on Path quickly and effeciently [sic].” He insists that the kind of matching Path uses the address book for is important, but also acknowledges that users ought to understand what’s going on. It seems the update to Path for Android released a few weeks ago gives users the opportunity to opt in, and the forthcoming Path 2.0.6 for iOS will do the same.
Thampi’s readers, however, have not been inclined to let Morin off the hook quite so easily. When asked by iOS developer Matt Gemmell why the address book uploading wasn’t opt-in from the beginning, Morin insisted that it is “currently the industry best practice and the App Store guidelines do not specifically discuss contact information.” When asked how users can get their contact information removed from Path’s servers, Morin says that the data of users who opt out (once the functionality is available) will be deleted. In the meanwhile, users can email Path directly to request deletion of their address book data.