By Brad Chacos on March 6, 2012 in
Would you share all the contact details of your closest friends and family with a random stranger? How would your grandmother feel if you started handing out her phone number and address? Path, an up-and-coming social media network, found itself in hot water recently after researchers discovered the company's iPhone and iPad app uploading users' Contacts without any permission or prompting. Obviously, that's bad -- but Path isn't the only app digging through your virtual rolodex without your consent. What will the fallout from the latest privacy ruckus mean to you?
A Path less traveled
First, some quick backstory on Path; basically, it's a social media network built for folks suffering from Facebook Friend fatigue. Path encourages users to connect with only their closest friends and family members to create stronger online bonds.
To that end, Path suggests connections from iPhone users' contacts and frequently emailed friends. Sounds logical, right? It is -- the issue with Path was that it didn't tell users it was sticking its hand in the Contacts cookie jar.
But Path's not the only one
Hipster and Foursquare, two other social networking apps, were also found to be tapping into iPhone Contact lists without permission. All three services quickly apologized and issued updates that clearly spelled out their thirst for contact information. You now have to give those apps specific permission to upload your contacts. (Better late than never!) Path also erased the ill-gotten contact information previously stored on their servers.
You may be giving other apps the go-ahead to scour your contacts more deeply than you realize. Several apps -- including LinkedIn, Twitter, Yelp, Gowalla and Foodspotting -- draw on your Contacts information after you use their "Find friends"-type features, TheVerge.com reports. While you may say "duh," the apps don't explicitly disclose that they are taking information from your address book. That data isn't limited to email addresses, either; some programs upload every bit of contact information, including phone numbers. Path even uploaded physical addresses.
To make matters worse, some companies keep that sensitive data for a long time. Path had no formal plans to ever ditch address book data. Twitter recently told the LA Times that it mines all the information in a user's Contacts after the "Find friends" feature is used -- and it stores the details on company servers for 18 months.
Apple and the U.S. government respond
Apple stayed mum on the issue until Congressional Representatives Henry Waxman and G.K. Butterfield wrote CEO Tim Cook about the privacy violations, AllThingsD reports. "Apps that collect or transmit a user's contact data without their prior permission are in violation of our guidelines," an Apple spokesman told the publication.
So, Path (and Hipster and Foursquare) were violating Apple policies that they'd agreed to uphold. Apple could have left things at that, but the company's going a step further; it plans on rolling out a software update for iOS devices that will force apps to explicitly receive user permission before uploading any Contact information. Android devices already have this feature.
So what does this mean for me?
IPhone apps will soon need to get your specific okay to tap into your iPhone's Contacts, so they won't be able to secretly siphon your friends' information any longer. But why would you grant apps permission to sift through your connections, anyways?
A lot of the nifty features found in the various social apps use information about your Contacts to provide you with better service, such as notifying you when a friend joins the network, identifying which of your pals already have an account, or telling you when one of your contacts performs a certain action.
Without access to your address book, that extra layer -- the "personal touch" -- is a lot harder to achieve. Does that mean you should upload your Contacts to every app that asks for it? That's up to you.* Developers have no excuse for ransacking Contact lists without permission, but keep in mind that without information about your friends and family, social apps are a whole lot less social.
*Actually, PandoDaily.com's Greg Kumparak suggests that it isn't up to you; he says friends place trust in you when they give you their phone number and email address, and you break that trust when you share it with others. That's a discussion for another day, though!
See Our Recommendations
