Path, the popular social network that competes with the likes of Instagram, may be uploading your iPhone’s entire address book up to its servers. Arun Thampi from mclov.in noticed the Path app’s steal data dump while trying to create a Mac OS X application for the social network during a hackathon. “Upon inspecting closer, I noticed that my entire address book (including full names, emails and phone numbers) was being sent as a plist to Path,” Thampi said, noting that Path didn’t ever ask for permission to do so. It’s unclear why Path is uploading the iPhone’s entire address book, but Thampi noticed that the social network performs the action during an API call with basic HTTP authentication. It remains unclear if Path’s Android application is also guilty of uploading personal information. Thampi has instructions on how to catch Path in the action on his blog. Also Read - iOS 14 will let iPhone users protect their precise location data from apps: Here’s how
UPDATE: A response from Path’s CEO follows after the break. Also Read - Facebook shares data of inactive users with thousands of developers; can’t seem to learn
Arun, thanks for pointing this out. We actually think this is an important conversation and take this very seriously. We upload the address book to our servers in order to help the user find and connect to their friends and family on Path quickly and effeciently as well as to notify them when friends and family join Path. Nothing more.
We believe that this type of friend finding & matching is important to the industry and that it is important that users clearly understand it, so we proactively rolled out an opt-in for this on our Android client a few weeks ago and are rolling out the opt-in for this in 2.0.6 of our iOS Client, pending App Store approval.
Co-Founder and CEO of Path