Like Path, Hipster Also Uploads Your Address Book To Its Servers Without Telling Users



Social networking app Path hit the headlines yesterday after it turned out the company was taking users’ entire address books and uploading them to its servers.

It’s a big privacy violation, but Path’s hardly the only one doing this. In fact, computer engineering professor Mark Chang has just discovered that Hipster, the popular photo-filter postcards app, does the exact same thing as Path: it sucks up your contacts and squirts them into its servers.

Chang writes on his blog:

The Hipster app, in an unsecured HTTP GET request, sends a big chunk of your iPhone address book in the form of an email param that includes a comma-separated list of email addresses…

…[t]his is offensive for a few reasons:

1. Hipster never asked me for permission to send my address book emails to them.
2. Hipster does not say anything (AFAIK) about if they are storing those emails or what.
3. The Hipster app allows you to deselect the “Contacts” button when looking for new friends, but it is enabled by default. Therefore, there is no way to avoid sending address book emails to Hipster, as far as I can tell.

This is ridiculous. When an app needs to access contacts on Android, the system warns the user. Surely Apple can program the same functionality into iOS, similar to the way location-based services work.

Anyone want to make any bets on how many other apps we find have been doing this over the next few days? In the meantime, you can protect yourself from having your contacts downloaded by app developers by downloading this Cydia tweak.
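
One way to spot the behaviour Chang describes (a GET request whose query parameter carries a comma-separated list of email addresses, sent over plain HTTP) in intercepting-proxy logs. This is an added example, not code from Chang's post or from Hipster; the "METHOD URL" log format, the hostnames and the function name are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Loose shape check for one address; good enough for triage, not validation.
EMAIL_RE = re.compile(r"^[^@\s,]+@[^@\s,]+\.[^@\s,]+$")

# Constructed proxy-log lines ("METHOD URL"); hosts and paths are placeholders.
SAMPLE_LOG = [
    "GET http://api.app.example/friends?email=a%40example.com,b%40example.org,c%40example.net&src=contacts",
    "GET https://api.other.example/profile?email=me%40example.com",
    "POST https://api.app.example/login",
    "GET http://cdn.app.example/img?id=42,43,44",
]


def find_contact_leaks(lines, min_emails=2):
    """Return one finding per query parameter that carries a list of emails."""
    findings = []
    for line in lines:
        method, _, url = line.strip().partition(" ")
        parts = urlsplit(url)
        # parse_qsl percent-decodes values, so %40 becomes "@" and %2C a comma.
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            emails = [v.strip() for v in value.split(",")
                      if EMAIL_RE.match(v.strip())]
            # A single address is usually the user's own login; a list of
            # addresses is what an address-book upload looks like.
            if len(emails) >= min_emails:
                findings.append({
                    "method": method,
                    "host": parts.hostname,
                    "param": name,
                    "email_count": len(emails),
                    # Plain HTTP exposes the list to anyone on the network path.
                    "cleartext": parts.scheme == "http",
                })
    return findings


if __name__ == "__main__":
    for finding in find_contact_leaks(SAMPLE_LOG):
        print(finding)
```

A URL that carries contact data is also written to server access logs and intermediary caches, so a hit is worth reviewing even when `cleartext` is false.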

  • antoniofonseca

    By the way, the intelligent use of entitlements seems to be the solution to this problem.

  • Alex

    I’m shocked social networking Apps that collect (or steal if they fail mentioning it in the EULA) your personal data so that they can sell it….

    Isn’t that pretty much the business model for the whole social networking industry?

  • davester13

    But then you get the same stupid thing that Android does. Either constant dialogs begging for permission to do X, Y and Z, or a massive up-front dialog with “This app uses A, B, C, D, E, F, G…. Is this OK?” that everybody just clicks through. Then a separate settings panel for viewing/changing your mind.

  • Ernani T

    I wonder if some of the apps I bought do the same thing.