Path apologizes, offers opt-out for address book uploading

Posted in General Discussion, edited January 2014


Social networking app Path issued an apology through its blog on Wednesday for the implementation of a back-end "feature" that uploaded a user's iPhone contacts list to the company's servers, and released an update to remedy the problem with new opt-in/opt-out settings.



On Tuesday, developer Arun Thampi discovered that the Path app was uploading user contacts in an unseen background task, which triggered a subsequent deluge of criticism from those who viewed the action as a privacy violation.



Path claims that the data upload was meant to streamline the app's "Add Friends" feature, not to hoard sensitive information:



Quote:

We are sorry.



We made a mistake. Over the last couple of days users brought to light an issue concerning how we handle your personal information on Path, specifically the transmission and storage of your phone contacts.



As our mission is to build the world’s first personal network, a trusted place for you to journal and share life with close friends and family, we take the storage and transmission of your personal information very very seriously.



Through the feedback we’ve received from all of you, we now understand that the way we had designed our ‘Add Friends’ feature was wrong. We are deeply sorry if you were uncomfortable with how our application used your phone contacts.



The letter goes on to explain that the information gathered is used to improve the quality of friend suggestions and to notify users when a contact joins Path. The data transfers are also encrypted and stored on "servers using industry-standard firewall technology."



In response to the public outcry, Path has erased all user-uploaded contact information in concert with the release of an updated version of the software that prompts users to select whether they want to opt in to sharing contacts.





Path has released an updated version to fix privacy issue. | Source: Path







Path 2.0.6 is currently available in the App Store.




Comments

  • Reply 1 of 26
    nagromme Posts: 2,834 member
    That would be the perfect gesture if they had ACCIDENTALLY collected the data and never realized it was happening.



    But this “mistake” was not some accident or technical glitch, and just because they chose the right PR move after they got busted, that doesn’t make them a company I can trust.
  • Reply 2 of 26
    just_me Posts: 590 member
    Quote:
    Originally Posted by nagromme View Post


    That would be the perfect gesture if they had ACCIDENTALLY collected the data and never realized it was happening.



    But this “mistake” was not some accident or technical glitch, and just because they chose the right PR move after they got busted, that doesn’t make them a company I can trust.



    Doesn't Apple screen apps?



    Apple needs to add more bricks to that wall garden. Maybe a dome?
  • Reply 3 of 26
    If they really want us to trust them, shouldn't they make this an opt-IN service, rather than opt-out? I shouldn't have to hunt for a setting inside the app to turn something like this off, it should explicitly ask me to turn it on.
  • Reply 4 of 26
    just_me Posts: 590 member
    Quote:
    Originally Posted by hittrj01 View Post


    If they really want us to trust them, shouldn't they make this an opt-IN service, rather than opt-out? I shouldn't have to hunt for a setting inside the app to turn something like this off, it should explicitly ask me to turn it on.





    It was probably in their EULA
  • Reply 5 of 26
    Quote:
    Originally Posted by Just_Me View Post


    It was probably in their EULA



    Doesn't matter. Apple doesn't allow it at all.
  • Reply 6 of 26
    just_me Posts: 590 member
    Quote:
    Originally Posted by Tallest Skil View Post


    Doesn't matter. Apple doesn't allow it at all.



    Well Apple screwed up. They should have denied the app.



    More bricks on the walled garden
  • Reply 7 of 26
    ireland Posts: 17,751 member
    Nearly sounds like a clever marketing trick this whole thing.
  • Reply 8 of 26
    kpluck Posts: 500 member
    Quote:
    Originally Posted by Just_Me View Post


    Well Apple screwed up. They should have denied the app.



    More bricks on the walled garden



    Exactly. This exposes an enormous problem with Apple's procedures if an application can get approved while doing something like this.



    From what little I have seen on this incident, Apple seems to be getting a pass in the coverage and I don't understand why. Has any person/site covering this asked Apple about what went wrong and what are they planning to do to prevent something like this in the future?



    I heard an iOS developer talking about how easy it is to get bad behavior around Apple's approval process. He said that all he has to do is have the app check for a date past the time Apple would have approved the app. Once that date arises, the app would then go out to his web site and get instructions that would change its behavior. The developer indicated he is already using this technique to collect data that Apple wouldn't normally allow.



    Walled garden indeed.



    -kpluck
  • Reply 9 of 26
    just_me Posts: 590 member
    Quote:
    Originally Posted by Ireland View Post


    Nearly sounds like a clever marketing trick this whole thing.





    next cleaver idea. Steal peoples apple I'd and use it to buy your app
  • Reply 10 of 26
    gtr Posts: 3,231 member
    Quote:
    Originally Posted by Just_Me View Post


    next cleaver idea. Steal peoples apple I'd and use it to buy your app



    Pwned by your spellchecker.



    Damn.
  • Reply 11 of 26
    radjin Posts: 165 member
    Yes, we are sorry we copied your information and now have it stored on our servers so we can sell it.
  • Reply 12 of 26
    nagromme Posts: 2,834 member
    Quote:
    Originally Posted by kpluck View Post


    Exactly. This exposes an enormous problem with Apple's procedures if an application can get approved while doing something like this.



    From what little I have seen on this incident, Apple seems to be getting a pass in the coverage and I don't understand why. Has any person/site covering this asked Apple about what went wrong and what are they planning to do to prevent something like this in the future?



    I heard an iOS developer talking about how easy it is to get bad behavior around Apple's approval process. He said that all he has to do is have the app check for a date past the time Apple would have approved the app. Once that date arises, the app would then go out to his web site and get instructions that would change its behavior. The developer indicated he is already using this technique to collect data that Apple wouldn't normally allow.



    Walled garden indeed.



    -kpluck



    I wish Apple would catch these offenders automatically—let the arms race begin!--but neither Apple nor Google does so at present. At the same time, Apple never promised to make this abuse impossible: their policy is simply to disallow it, but it must first be caught.



    This isn’t the first nor last instance, just a high profile one.



    I do think they deserved to be kicked off the App Store even AFTER this fix. That "feels" fair! However, any developer might make a mistake, so that’s a bad policy for Apple to set: imagine if your favorite app accidentally sent data even if you opted out. It should be fixed or get pulled by Apple—and I’m glad fixing it is an option. Punishing the company after the fix would also punish its users.
  • Reply 13 of 26
    Too bad, because Path 2.0 was a vast improvement over the original version; it was actually fun to use.



    I'm all for giving this company another chance -- in time. But it won't be with my data. I'm still waiting for the final e-mail confirming my Path.com account has been permanently deleted.



    As punishment, Apple should ban this company's apps from the App Store for one year and institute a resubmission fee for the banned app, like $10,000 to cover increased monitoring costs during a three-year probationary period. In addition, Apple should stipulate that account deletion be possible from the app itself. Currently, there is no way to delete an account on their website apart from sending an e-mail to their customer service inbox.



    That would send a far stronger message to other app developers about respecting the privacy of user data.
  • Reply 14 of 26
    Quote:
    Originally Posted by nagromme View Post


    I wish Apple would catch these offenders automatically—let the arms race begin!--but neither Apple nor Google does so at present. At the same time, Apple never promised to make this abuse impossible: their policy is simply to disallow it, but it must first be caught.



    This isn’t the first nor last instance, just a high profile one.



    I do think they deserved to be kicked off the App Store even AFTER this fix. That "feels" fair! However, any developer might make a mistake, so that’s a bad policy for Apple to set: imagine if your favorite app accidentally sent data even if you opted out. It should be fixed or get pulled by Apple—and I’m glad fixing it is an option. Punishing the company after the fix would also punish its users.



    Apple makes a point and touts that they examine all the apps that they approve. So either they knew about Path copying the entire contacts of users or they were negligent.

    Wall Garden Failed. More bricks on the wall
  • Reply 15 of 26
    Or you can opt-out of Path and never use it again.
  • Reply 16 of 26
    ascii Posts: 5,941 member
    It's just not credible to me, that they put this feature in, and the privacy implications never occurred to anyone. And I am a person who gives people the benefit of the doubt by inclination. Unless they outsourced development to another country where people have different values, and it didn't even occur to them that people might mind.
  • Reply 17 of 26
    Great to see the howling crowd at it. Too bad there is no nigger to be hung, heh?



    Sometimes, you people are despicable.



    Suddenly, everyone's a dev company, with years of experience in management of men AND complete understanding of Apple processes? Come on. Those guys MAY have tried to play un-nice. They also may have made an honest mistake. It's Apple's to decide. Don't burn the guys yet.



    This is not Mississippi, 1830. There is a legal system. There are rules in place. And by the way, how many of you buy games at EA and Sony? If you're SO DISTRAUGHT by such "horrible practices", shun them (the bigger, multibillion companies) first. Sue them. Don't just go with the crowd.
  • Reply 18 of 26
    Quote:
    Originally Posted by ascii View Post


    It's just not credible to me, that they put this feature in, and the privacy implications never occurred to anyone. And I am a person who gives people the benefit of the doubt by inclination. Unless they outsourced development to another country where people have different values, and it didn't even occur to them that people might mind.



    And of course, you perfectly understand all the programming in the app, since the source is open and you know Objective-C? You also know exactly how competitors' apps work, since they're also open source?

    Gimme a break.
  • Reply 19 of 26
    Quote:
    Originally Posted by Just_Me View Post


    Apple makes a point and touts that they examine all the apps that they approve. So either they knew about Path copying the entire contacts of users or they were negligent.

    Wall Garden Failed. More bricks on the wall



    Apple doesn't. They have some automated tests and some human screening. They can't just test everything or they'd need human readers to go through the source of everything, which would raise monopoly issues. Imagine if Microsoft demanded access to the source of every Windows program ever made to authorize it to run?
  • Reply 20 of 26
    Question: who's Arun Thampi? Why was he reverse engineering that software without permission? Doesn't that actually break the law?