Path App Uploads And Stores Your Contacts Without Permission
Path is an iOS app that lets you share your thoughts, photos, videos, check-ins and more with your friends. It does sound like the mobile version of Facebook, however that’s not what we’re going to discuss today. Apparently, the Path app, stores all your iPhone contacts including email addresses and other information on their own servers. The main concern here is that the app never asks for the users permission to do so.
Upon inspecting closer, I noticed that my entire address book (including full names, emails and phone numbers) was being sent as a plist to Path. Now I don’t remember having given permission to Path to access my address book and send its contents to its servers, so I created a completely new “Path” and repeated the experiment and I got the same result – my address book was in Path’s hands.
Dave Morin, the co-founder of the app quickly replied to this and confirmed that they indeed stored user contacts, but it was only for letting the users know of friends/family who were already on Path.
Arun, thanks for pointing this out. We actually think this is an important conversation and take this very seriously. We upload the address book to our servers in order to help the user find and connect to their friends and family on Path quickly and effeciently as well as to notify them when friends and family join Path. Nothing more.
We believe that this type of friend finding & matching is important to the industry and that it is important that users clearly understand it, so we proactively rolled out an opt-in for this on our Android client a few weeks ago and are rolling out the opt-in for this in 2.0.6 of our iOS Client, pending App Store approval.
Co-Founder and CEO of Path
This is an important issue and various other developers have also questioned the co-founder for the Paths’ ways of uploading user contact information. The CEO has confirmed that the new update due to release soon will take care of this issue, however, it looks like it has already done the damage. If you’re concerned about Path storing your contact information and want them to delete it from its servers, you can send an email to firstname.lastname@example.org and ask for it.