A week ago, it was discovered that the popular social networking app Path uploads users’ entire address books to its servers. They’ve since apologized and nuked the data. But Path’s not the only one doing this: other high-profile companies like Twitter are also doing it. And Apple’s letting them.
Not so surprisingly, Congress isn’t liking what it’s hearing about the address book security issue. In fact, House Energy & Commerce Committee Chairman Henry Waxman and Commerce Manufacturing and Trade Subcommittee Chair G.K. Butterfield have written Apple a letter asking some hard questions about how Apple has allowed this to happen, and “whether Apple’s iOS app developer policies and practices may fall short when it comes to protecting the information of iPhone users and their contacts.”
You’d be forgiven for thinking that unauthorized iOS apps obtained from the likes of Cydia aren’t as careful with your personal data as those approved by Apple for sale in the App Store. In fact, the opposite is true. Jailbroken iOS apps respect your privacy more than those obtained from the App Store.
By hashing your contact details, Path could have avoided a scandal
Last week, the web exploded with the news that social iOS app Path was uploading your entire address book to its servers, and then keeping it there. Worse, it was sending and storing it in plain text (although the connection was at least SSL-encrypted). Clearly, having Path notify you when your friends join the service is handy, but is there a way to do this without compromising your privacy? According to Edinburgh iOS supremo Matt Gemmell, there is.
Caught up in a maelstrom of controversy over revelations that Path has been uploading iOS users’ address books to their own servers, Path CEO David Morin has spoken out about what’s going to happen now.
It’s all good news. Not only is Path taking full responsibility, and apologizing whole-heartedly for the violation, they’ve also pushed live a new update to the Path app that makes uploading your address book opt-in. But will other developers follow Path’s lead?
It’s a big privacy violation, but Path’s hardly the only one doing this. In fact, computer engineering professor Mark Chang has just discovered that Hipster, the popular photo-filter postcards app, does the exact same thing as Path: sucks up your contacts and squirts them into their servers.
It’s common practice for third-party apps to access and even store your contacts elsewhere. The problem with Path is that there was no indication that this activity was taking place. Path’s CEO stated that the app would make the activity opt-in when the next update is pushed out.
Thanks to a brand new jailbreak tweak, you’ll never have to worry about an app silently stealing your personal contacts data again.
In what can only be considered the very definition of irony, it has been discovered that Path 2 for iPhone secretly uploads your entire address book to its servers and stores it there. In case you didn’t know, Path is a hot iOS app that offers an exclusive, confined social network experience with a limited number of people. Unlike Facebook, Path only lets you accept 150 friends, indicating the intimate, safe environment that the app creators want users to feel at home in.
Developer Arun Thampi has uncovered that Path’s current iPhone app sends all of your contacts to its servers without notifying you. Oops.