The Verge - iOS address book privacy: app developers and Apple respond

Path will pay $800,000 in FTC settlement over privacy controversy

2013-02-01T15:44:56Z

Last year, social networking app Path came under fire when it was discovered that the company was collecting contact data from user address books without permission and storing that information on its servers. Today the company has reached a settlement with the Federal Trade Commission, with terms that require Path to receive privacy assessments for the next 20 years and establish what the FTC calls a "comprehensive" privacy policy. It will also have to pay a fine of $800,000 for collecting information from children without obtaining parental consent. Path admits that early in its history, it accepted signups from users under the age of 13. “This settlement with Path shows that no matter what new technologies emerge, the agency will...

OS X 10.8 Mountain Lion Developer Preview 2 released; asks permission for contact access

2012-03-17T05:01:03Z

Apple is working towards the summer release of OS X 10.8, aka Mountain Lion, and to that end it's released a 2nd Developer Preview to, well, developers. The change log shows that there are still a lot of unfinished edges in the OS, from Game Center to AirPlay to the Notes app. However, one thing you wouldn't know until you ran it is that there's a new privacy feature. Dustin Curtis discovered that when an app attempts to access your contacts, OS X pops up a dialog box asking your permission. Once you grant it, there's a new section in the Security preferences that lists all the apps you've granted permission to.

Obviously, the feature is a response to the privacy issues that were raised last month with iOS, which allows any app to access...

Path will protect private user data with 'hashing' in next release

2012-03-08T20:18:16Z

Path's big 2.1 release today comes with a promise of another update coming shortly: version 2.1.1. The extra .1 on the end represents Path's intention to add "hashing" to any contact data it collects. The move is obviously a response to the fact that Path experienced the brunt of the contact collection drama last month, when it was revealed the the company was collecting address book information from its users. In response, Path deleted the data, apologized, updated its app to request permission, and has begun working with TRUSTe to get privacy certification (it's not quite there yet). Path is also taking a bit of a lead in trying to continue the conversation about mobile app privacy, working with Lookout Mobile Security. Path was...

Apple: iOS to require explicit permission for contact data in 'future software release'

2012-02-15T19:04:22Z

Following a full week of drama about the unfettered access all apps have to iOS contacts, Apple has finally weighed in. Apple first reiterated its already-existing policy that apps weren't supposed to be accessing or uploading contact data without explicit user permission, "apps that collect or transmit a user's contact data without their prior permission are in violation of our guidelines." However, that policy clearly hasn't prevented a large number of apps from accessing that information, so Apple added that it intends to update iOS to require "user approval" for getting contact information:

We're working to make this even better for our customers, and as we have done with location services, any app wishing to access contact data...

Congress sends Apple letter filled with questions about iOS address book privacy

2012-02-15T17:39:06Z

The iOS address book row is no longer just a tempest in the internet's teapot: members of the US Congress have just sent a letter to Apple, demanding answers about its app approval process and the privacy and security of data that's accessed or transmitted by iOS apps. The letter follows a wave of complaints and bickering this week that ignited with the revelation that Path was uploading data from iPhone address books without asking for explicit permission. Path has since apologized to its patrons and purged their personal data, but as we've independently confirmed, the problem presented by the faux pas persists — any iOS app has complete access to an ample amount of data that's on your iPhone, including the address book and calendar....

iOS apps and the address book: who has your data, and how they're getting it

2012-02-15T01:22:25Z

Over the course of the past week, a firestorm has erupted in the world of iOS apps, thanks to the discovery that Path was uploading data from your iPhone's address book without asking for explicit permission. Upon opening the app and registering, Path automatically uploaded your contact data in order to "find friends" that you might want to connect to. Path has since apologized and updated its app, but the problem exposed by the episode remains.

Stated simply: any iOS app has complete access to a large amount of data stored on your iPhone, including your address book and calendar. Any iOS app can, without asking for your permission, upload all of the information stored in your address book to its servers. From there, the app developer...

Path CEO apologizes for address book uploading, deletes all user data, and updates app with privacy controls

2012-02-08T20:47:59Z

Path has moved quickly to try and quell the backlash stemming from the social networking app's practice of uploading users' address books to the company's servers. CEO Dave Morin just posted a lengthy apology on Path's blog, saying "we are deeply sorry if you were uncomfortable with how our application used your phone contacts." The company has also just released an update to the iOS app that allows users to opt in or out of sharing their address book with Path's servers. As he did yesterday, Morin states explicitly that Path only uses your address book to improve the quality of the app's "Add Friends" feature and also to notify you when one of your contacts joins Path, but he also acknowledges that users "should have control when it...

Path iOS app uploads your entire address book to its servers

2012-02-07T23:18:02Z

When developer Arun Thampi started looking for a way to port photo and journaling software Path to Mac OS X, he noticed some curious data being sent from the Path iPhone app to the company's servers. Looking closer, he realized that the app was actually collecting his entire address book — including full names, email addresses, and phone numbers — and uploading it to the central Path service. What's more, the app hadn't notified him that it would be collecting the information.

Path CEO Dave Morin responded quickly with an apology, saying that "we upload the address book to our servers in order to help the user find and connect to their friends and family on Path quickly and efficiently as well as to notify them when friends and...