Mobile app developer Path found itself in a tricky spot this last week when it was caught uploading an iPhone user’s entire address book to their servers without permission. Needless to say the outcry was loud, and Path responded appropriately by deleting all user information from their databases, issuing an apology, and pushing out an updated iOS app that now gives the user control. It’s the right move, but is that the end of the story?
According to PC World, it’s not so simple:
In 2010, questions were also raised about how Path handled users’ address books. At the time, Path said it was not storing any user information on its servers.
“Path does not retain or store any of your information in any way,” CEO and co-founder Dave Morin told Gawker then.
That was Path 1.0, and by 2.0 the app was handing over personal data, so this was clearly a conscious decision and not a lingering bug in the software. This raises a serious question: should Apple be more diligent in protecting user data? Is there a way for apps that are submitted for approval to be vetted for this type of information leak? I’m thinking yes, and I would bet that Apple will change their approval process as a result. They’ve been practicing this type of privacy protection for a while with location data on iOS, so that any application that wants to know where you are requires explicit permission and a notification icon appears at the top of the screen. It seems to me that information like your personal address book should be elevated to at least that level of scrutiny.