
Path apologizes, offers opt-out for address book uploading

post #1 of 27
Thread Starter 
Social networking app Path issued an apology through its blog on Wednesday for the implementation of a back-end "feature" that uploaded a user's iPhone contacts list to the company's servers, and released an update to remedy the problem with new opt-in/opt-out settings.

On Tuesday, developer Arun Thampi discovered that the Path app was uploading user contacts in an unseen background task, which triggered a subsequent deluge of criticism from those who viewed the action as a privacy violation.

Path claims that the data upload was meant to streamline the app's "Add Friends" feature, not to hoard sensitive information:

Quote:
We are sorry.

We made a mistake. Over the last couple of days users brought to light an issue concerning how we handle your personal information on Path, specifically the transmission and storage of your phone contacts.

As our mission is to build the world’s first personal network, a trusted place for you to journal and share life with close friends and family, we take the storage and transmission of your personal information very very seriously.

Through the feedback we’ve received from all of you, we now understand that the way we had designed our ‘Add Friends’ feature was wrong. We are deeply sorry if you were uncomfortable with how our application used your phone contacts.

The letter goes on to explain that the information gathered is used to improve the quality of friend suggestions and to notify users when a contact joins Path. Data transfers are also encrypted, and the data is stored on "servers using industry-standard firewall technology."

In response to the public outcry, Path has erased all user-uploaded contact information in concert with the release of an updated version of the software that prompts users to select whether they want to opt in to sharing contacts.


Path has released an updated version to fix privacy issue. | Source: Path


Path 2.0.6 is currently available in the App Store.

post #2 of 27
That would be the perfect gesture if they had ACCIDENTALLY collected the data and never realized it was happening.

But this “mistake” was not some accident or technical glitch, and just because they chose the right PR move after they got busted, that doesn’t make them a company I can trust.
post #3 of 27
Quote:
Originally Posted by nagromme View Post

That would be the perfect gesture if they had ACCIDENTALLY collected the data and never realized it was happening.

But this “mistake” was not some accident or technical glitch, and just because they chose the right PR move after they got busted, that doesn’t make them a company I can trust.

Doesn't Apple screen apps?

Apple needs to add more bricks to that wall garden. Maybe a dome?
post #4 of 27
If they really want us to trust them, shouldn't they make this an opt-IN service, rather than opt-out? I shouldn't have to hunt for a setting inside the app to turn something like this off, it should explicitly ask me to turn it on.
post #5 of 27
Quote:
Originally Posted by hittrj01 View Post

If they really want us to trust them, shouldn't they make this an opt-IN service, rather than opt-out? I shouldn't have to hunt for a setting inside the app to turn something like this off, it should explicitly ask me to turn it on.


It was probably in their EULA
post #6 of 27
Quote:
Originally Posted by Just_Me View Post

It was probably in their EULA

Doesn't matter. Apple doesn't allow it at all.

Originally Posted by helia

I can break your arm if I apply enough force, but in normal handshaking this won't happen ever.
post #7 of 27
Quote:
Originally Posted by Tallest Skil View Post

Doesn't matter. Apple doesn't allow it at all.

Well Apple screwed up. They should have denied the app.

More bricks on the walled garden
post #8 of 27
Nearly sounds like a clever marketing trick this whole thing.
Citing unnamed sources with limited but direct knowledge of the rumoured device - Comedy Insider (Feb 2014)
post #9 of 27
Quote:
Originally Posted by Just_Me View Post

Well Apple screwed up. They should have denied the app.

More bricks on the walled garden

Exactly. This exposes an enormous problem with Apple's procedures if an application can get approved while doing something like this.

From what little I have seen on this incident, Apple seems to be getting a pass in the coverage and I don't understand why. Has any person/site covering this asked Apple about what went wrong and what are they planning to do to prevent something like this in the future?

I heard an iOS developer talking about how easy it is to get bad behavior around Apple's approval process. He said that all he has to do is have the app check for a date past the time Apple would have approved the app. Once that date arises, the app would then go out to his web site and get instructions that would change its behavior. The developer indicated he is already using this technique to collect data that Apple wouldn't normally allow.

Walled garden indeed.

-kpluck

Do you use MagicJack?

The default settings will automatically charge your credit card each year for service renewal. You will not be notified or warned in anyway. You can turn auto renewal off.

post #10 of 27
Quote:
Originally Posted by Ireland View Post

Nearly sounds like a clever marketing trick this whole thing.


next cleaver idea. Steal peoples apple I'd and use it to buy your app
post #11 of 27
Quote:
Originally Posted by Just_Me View Post

next cleaver idea. Steal peoples apple I'd and use it to buy your app

Pwned by your spellchecker.

Damn.
My car keeps crashing whenever I do 150mph. It's a design flaw. People tell me to slow down and drive normally but I should be able to use it as I wish.
post #12 of 27
Yes, we are sorry we copied your information and now have it stored on our servers so we can sell it.
post #13 of 27
Quote:
Originally Posted by kpluck View Post

Exactly. This exposes an enormous problem with Apple's procedures if an application can get approved while doing something like this.

From what little I have seen on this incident, Apple seems to be getting a pass in the coverage and I don't understand why. Has any person/site covering this asked Apple about what went wrong and what are they planning to do to prevent something like this in the future?

I heard an iOS developer talking about how easy it is to get bad behavior around Apple's approval process. He said that all he has to do is have the app check for a date past the time Apple would have approved the app. Once that date arises, the app would then go out to his web site and get instructions that would change its behavior. The developer indicated he is already using this technique to collect data that Apple wouldn't normally allow.

Walled garden indeed.

-kpluck

I wish Apple would catch these offenders automatically—let the arms race begin!--but neither Apple nor Google does so at present. At the same time, Apple never promised to make this abuse impossible: their policy is simply to disallow it, but it must first be caught.

This isn’t the first nor last instance, just a high profile one.

I do think they deserved to be kicked off the App Store even AFTER this fix. That "feels" fair! However, any developer might make a mistake, so that’s a bad policy for Apple to set: imagine if your favorite app accidentally sent data even if you opted out. It should be fixed or get pulled by Apple—and I’m glad fixing it is an option. Punishing the company after the fix would also punish its users.
post #14 of 27
Too bad, because Path 2.0 was a vast improvement over the original version; it was actually fun to use.

I'm all for giving this company another chance -- in time. But it won't be with my data. I'm still waiting for the final e-mail confirming my Path.com account has been permanently deleted.

As punishment, Apple should ban this company's apps from the App Store for one year and institute a resubmission fee for the banned app, like $10,000 to cover increased monitoring costs during a three-year probationary period. In addition, Apple should stipulate that account deletion be possible from the app itself. Currently, there is no way to delete an account on their website apart from sending an e-mail to their customer service inbox.

That would send a far stronger message to other app developers about respecting the privacy of user data.
post #15 of 27
Quote:
Originally Posted by nagromme View Post

I wish Apple would catch these offenders automatically—let the arms race begin!--but neither Apple nor Google does so at present. At the same time, Apple never promised to make this abuse impossible: their policy is simply to disallow it, but it must first be caught.

This isn’t the first nor last instance, just a high profile one.

I do think they deserved to be kicked off the App Store even AFTER this fix. That "feels" fair! However, any developer might make a mistake, so that’s a bad policy for Apple to set: imagine if your favorite app accidentally sent data even if you opted out. It should be fixed or get pulled by Apple—and I’m glad fixing it is an option. Punishing the company after the fix would also punish its users.

Apple makes a point and touts that they examine all the apps that they approve. So either they knew about Path copying the entire contacts of users or they were negligent.
Wall Garden Failed. More bricks on the wall
post #16 of 27
Or you can opt-out of Path and never use it again.

"Apple should pull the plug on the iPhone."

John C. Dvorak, 2007
post #17 of 27
It's just not credible to me, that they put this feature in, and the privacy implications never occurred to anyone. And I am a person who gives people the benefit of the doubt by inclination. Unless they outsourced development to another country where people have different values, and it didn't even occur to them that people might mind.
post #18 of 27
Great to see the howling crowd at it. Too bad there is no nigger to be hung, heh?

Sometimes, you people are despicable.

Suddenly, everyone's a dev company, with years of experience in management of men AND complete understanding of Apple processes? Come on. Those guys MAY have tried to play un-nice. They also may have made an honest mistake. It's Apple's to decide. Don't burn the guys yet.

This is not Mississippi, 1830. There is a legal system. There are rules in place. And by the way, how many of you buy games at EA and Sony? If you're SO DISTRAUGHT by such "horrible practices", shun them (the bigger, multibillion companies) first. Sue them. Don't just go with the crowd.

Social Capitalist, dreamer and wise enough to know I'm never going to grow up anyway... so not trying anymore.

 

http://m.ign.com/articles/2014/07/16/7-high-school-girls-are-kickstarting-their-awa...

post #19 of 27
Quote:
Originally Posted by ascii View Post

It's just not credible to me, that they put this feature in, and the privacy implications never occurred to anyone. And I am a person who gives people the benefit of the doubt by inclination. Unless they outsourced development to another country where people have different values, and it didn't even occur to them that people might mind.

And of course, you perfectly understand all the programming in the app, since the source is open and you know Objective-C? You also know exactly how competitors' apps work, since they're also open source?
Gimme a break.

post #20 of 27
Quote:
Originally Posted by Just_Me View Post

Apple makes a point and touts that they examine all the apps that they approve. So either they knew about Path copying the entire contacts of users or they were negligent.
Wall Garden Failed. More bricks on the wall

Apple doesn't. They have some automated tests and some human screening. They can't just test everything or they'd need human readers to go through the source of everything, which would raise monopoly issues. Imagine if Microsoft demanded access to the source of every Windows program ever made to authorize it to run?

post #21 of 27
Question: who's Arun Thampi? Why was he reverse engineering that software without permission? Doesn't that actually break the law?

post #22 of 27
Quote:
Originally Posted by lightknight View Post

And of course, you perfectly understand all the programming in the app, since the source is open and you know Objective-C? You also know exactly how competitors' apps work, since they're also open source?
Gimme a break.

I don't need to know the source code of their app, since the API is the same for everyone (and it's straight C by the way, not Objective-C).

There is simply no way to iterate through someone's address book, serialise all their contacts into a form suitable for transmission across the wire, transmit it, have a service set up at the other end to receive it (with appropriate infrastructure and database behind it), and do all that accidentally.

The phone developer must have known, the DBA must have known, and the project manager who tracked their activities and budgeted for the server infrastructure must have known.

Given all that, it is not likely an accident, but a choice on their part.
post #23 of 27
Quote:
Originally Posted by lightknight View Post

Question: who's Arun Thampi? Why was he reverse engineering that software without permission? Doesn't that actually break the law?

Reverse engineering is not illegal. Even decompiling is not illegal. Partly, it depends on the purpose. If you're doing something for research purposes, the latitude is very broad.
"I'm way over my head when it comes to technical issues like this"
Gatorguy 5/31/13
post #24 of 27
Too late, app deleted.
post #25 of 27
Quote:
Originally Posted by lightknight View Post

Question: who's Arun Thampi? Why was he reverse engineering that software without permission? Doesn't that actually break the law?

As it stands now, Thampi is a bit of a hero (small h). If not for him, Path would have continued this practice. Their mea culpa is not 100% voluntary. Dave Morin debated quite a while to justify what they did.
post #26 of 27
Quote:
Originally Posted by lightknight View Post

Great to see the howling crowd at it. Too bad there is no nigger to be hung, heh?

Sometimes, you people are despicable.

Suddenly, everyone's a dev company, with years of experience in management of men AND complete understanding of Apple processes? Come on. Those guys MAY have tried to play un-nice. They also may have made an honest mistake. It's Apple's to decide. Don't burn the guys yet.

This is not Mississippi, 1830. There is a legal system. There are rules in place. And by the way, how many of you buy games at EA and Sony? If you're SO DISTRAUGHT by such "horrible practices", shun them (the bigger, multibillion companies) first. Sue them. Don't just go with the crowd.

Despicable? Sometimes? Nothing like a little false indignation to make yourself feel good, eh?
post #27 of 27
Path changes name to Facebook II ... this error is breathtaking.