iPhone App Downloaded All Your Contacts Without Permission...Then Apologizes

Earlier this week, it was revealed that Path -- an iPhone app with 2 million users that provides a journal or "path" of "your life on the go" -- downloaded the contact lists from phones to its servers without users' permission. The company quickly apologized as backlash over this violation spread, deleted all the contacts it had acquired and released a new app that asked permission before downloading contacts.

A Reuters report states that this a classic example that while even though people are becoming increasingly desensitized over the information they provide on the Internet and with apps on mobile devices, not asking permission is a deadly mistake.

Arun Thampi wrote on his blog earlier this week the discovery that his entire address book on his iPhone was being sent to Path. At the time he said:

I’m not insinuating that Path is doing something nefarious with my address book but I feel quite violated that my address book is being held remotely on a third-party service. I love Path as an iOS app and I think there are some brilliant people working on it, but this seems a little creepy. I wonder how many other iOS apps actually do the same…

Naked Security Sophos also pointed out that another blogger found a second iPhone app called Hipster was conducting similar activity.

Thampi was soon contacted by Path's co-founder and CEO Dave Morin, who thanked him for pointing this out and said that the company, which launched in 2010, "[uploads] the address book to our servers in order to help the user find and connect to their friends and family on Path quickly and effeciently as well as to notify them when friends and family join Path. Nothing more."

Within a day, Path issued a formal apology on its blog and released an updated version of the app, which asks permission from users before downloading the contact list. Morin wrote:

Through the feedback we've received from all of you, we now understand that the way we had designed our ‘Add Friends’ feature was wrong. We are deeply sorry if you were uncomfortable with how our application used your phone contacts.

[...]

We care deeply about your privacy and about creating a trusted place for you to share life with your close friends and family. As we continue to expand and grow we will make some mistakes along the way. We commit to you that we will continue to be transparent and always serve you, our users, first.

The company has been lauded for its response to user outcry, with some who said they were leaving app now returning. But others are still not so quick to forgive.

Several social media groups have come under fire for not asking for permission or user input before making changes. Google most recently has received criticism for updates it plans on making to its privacy policy and its new "Search, Plus Your Life" feature. Facebook has had several run-ins with users for not being transparent with changes. In fact, in November of last year, the company settled charges with the Federal Trade Commission over misleading users and has committed to 20 years of audits and requiring "opt-in" features instead of "opt-out" as it had previously used.

With this larger issue of app privacy ,Hipster, which also issued an apology for downloading information without permission, has called for a conference to discuss among varying groups.