Path is a hugely popular social network app for iOS users, created by Dave Morin, a former Facebook engineer. It was revealed earlier today the app actually uploads your entire iPhone address book to its servers–without your permission or knowing. This is a violation of Apple’s App Store guidelines and it was shockingly discovered by developer Arun Thampi:
Upon inspecting closer, I noticed that my entire address book (including full names, emails and phone numbers) was being sent as a plist to Path. Now I don’t remember having given permission to Path to access my address book and send its contents to its servers, so I created a completely new “Path” and repeated the experiment and I got the same result – my address book was in Path’s hands.
Here is Path’s CEO, Dave Morin’s response:
Arun, thanks for pointing this out. We actually think this is an important conversation and take this very seriously. We upload the address book to our servers in order to help the user find and connect to their friends and family on Path quickly and effeciently as well as to notify them when friends and family join Path. Nothing more.
We believe that this type of friend finding & matching is important to the industry and that it is important that users clearly understand it, so we proactively rolled out an opt-in for this on our Android client a few weeks ago and are rolling out the opt-in for this in 2.0.6 of our iOS Client, pending App Store approval.
Co-Founder and CEO of Path
There are certainly many other apps that use your address book to help find other friends, but it has never been discovered to also have uploaded their numbers, emails, and full names to external servers. I tested out Path initially when it launched, but I haven’t used it since. There are just way too many social networks to manage nowadays.
Are you an active user of Path? Do you care that your data was uploaded without your permission?