On Tuesday, Developer Arun Thampi discovered that the Path app was uploading user contacts in an unseen background task, which triggered a subsequent deluge of criticism from those who viewed the action as a privacy violation.
Path claims that the data upload was meant to streamline the app's "Add Friends" feature, not to horde sensitive information:
We made a mistake. Over the last couple of days users brought to light an issue concerning how we handle your personal information on Path, specifically the transmission and storage of your phone contacts.
As our mission is to build the world’s first personal network, a trusted place for you to journal and share life with close friends and family, we take the storage and transmission of your personal information very very seriously.
Through the feedback we’ve received from all of you, we now understand that the way we had designed our ‘Add Friends’ feature was wrong. We are deeply sorry if you were uncomfortable with how our application used your phone contacts.
The letter goes on to explain that the information gathered is used to improve the quality of friend suggestions and to notify users when a contact joins Path. The data transfers are also encrypted and stored on "servers using industry-standard firewall technology."
In response to the public outcry, Path has erased all user-uploaded contact information in concert with the release of an updated version of the software that prompts users to select whether they want to opt in to sharing contacts.
Path has released an updated version to fix privacy issue. | Source: Path
Path 2.0.6 is currently available in the App Store.
[ View article on AppleInsider ]