Yesterday the news circulated faster than a bunk iPhone 5 rumor on a slow news day, Path, the sexy-popular social network for the iPhone, was automatically uploading your contacts to their servers. Today, Path CEO, Dave Morin, took to the web to post an apology and explain to the masses why things were happening the way they were. In the post, titled We are sorry, Morin states:
We believe you should have control when it comes to sharing your personal information. We also believe that actions speak louder than words. So, as a clear signal of our commitment to your privacy, we’ve deleted the entire collection of user uploaded contact information from our servers. Your trust matters to us and we want you to feel completely in control of your information on Path.
There’s doing it, and then there’s doing it right. It’s pretty clear that Dave Morin immediately realized Path’s misstep and took immediate action to clean up the security concerns that its users had with the company storing contacts. Starting today, in version 2.0.6, users are now being asked if they would like to upload contacts to the company’s servers. The process is now opt-in, not automagically uploaded behind your back. It’s a small win, but a win nonetheless for iPhone users.
Yes, it’s a small win. Why? Path is hardly the first, and they certainly won’t be the last service that takes iPhone users’ contact information to provide better friend recommendations within a service. For some reason, Path was the lightning rod for all that pent up security anger that consumers have been harboring for the last couple of years. Facebook’s app currently does it, although they give you a disclaimer. But, God knows what Facebook is doing with that information. In the summer of 2010, Lookout published a study that found that one-third of the apps tested (300,000) on both Android and iPhone not only phoned home, but also transmitted contact lists, or retrieved a user’s location. The App Genome Project (February 2011) has recently found that 11 percent of apps on Apple’s App Store have the ability to access users’ contacts.
Don’t get me wrong, there’s really never a good excuse for accessing personal contacts, or even uploading them without the knowledge of a user. The practice shouldn’t happen, ever. That being said, Path is far from the only big name application that does this to its users.
We didn’t run the article yesterday because Path was just the tip of the iceberg for this problem. We’ve gotten some questions about why we decided not to run it. The short of it was we were giving Path some time to reply. The long of it is that it just didn’t feel right kicking Path underneath the bus that so many other apps ride these days. The whole bus needs to be disassembled instead of one company getting kicked off the ride.
We’re glad Path took the steps necessary to quickly eliminate the problem, but we’re more concerned about all the applications out there that do this that we’re not aware of at this point. If anything, Apple needs to start forcing developers to ask users if they’re comfortable with sending contacts to their servers. Apple requires publishers using Newsstand to have readers opt-in to information sharing, so why isn’t it happening in a market place where anyone can develop and upload an application? We’re skeptical about major publishers having access to contacts, but man, it freaks us out to know that a company like Zynga, or even a random high school kid down the street could completely misuse our contacts, and gain from it financially in some way.
That’s the problem here, not Path. The problem is that somewhere along the way this practice was not only occurring, but that it’s continually being allowed to happen. That needd to change. Props goes out to Path for changing the practice. We love them for it.