The news that life journal app Path takes all a user’s address book information from their iPhone and uploads it to its servers without permission has put the promising young company in an awkward position and has sparked a new debate about privacy and apps.
Singapore-based developer Arun Thampi discovered the flaw when he began observing various API calls made to Path’s servers from the iPhone app.
He then noticed a strange request among the calls and discovered that his entire address book – including names, emails and phone numbers – were being sent to Path without his permission.
Thampi repeated the process and discovered that once again his entire address book was being sent to Path’s servers.
The revelation has caused a storm of controversy online.
Path CEO David Morin responded by pointing out that the purpose of uploading the address book is to help the user find and connect with friends more efficiently.
Morin is steadfast in his belief that this method of finding and matching friends is important and said opt-in is coming soon to iOS. It was already launched on Path’s Android client a few weeks ago.
Either way, the revelation has brought into sharp focus what happens on sites like Path or Facebook when you grant apps certain permissions.
It’s a debate that’s long overdue, perhaps.