Path is an application for iPhone and Android that allows you to “share your life with those you love” through a sort of mini-social network designed to flood your friends exciting details about your private life, as “the place where you are” , “with who you are”, “new cities you are going to,” “the time you wake up” and “your sleep schedule.”. Many people benefit from this information, Path encourages the user to establish as much contact as possible. It sends, for example, an e-mail every time “your friends and family join Path”.
How do they know? It’s simple: as was discovered rummaging through the files of the application, Path scans the phone book of users immediately after installation. All the names, email addresses and phone numbers saved on the device. Then it sends the database servers to Path, which it stores. “I did not remember giving permission Path to access my address book” some have said… So I created a brand new account and I made the same observation: my directory has ended up in the hands of Path. The application has become a host-phone, without asking permission or even displaying any warning.
The issue was quickly discovered on Path: after the first wave of outraged protests on Twitter posted by users of Path CEO Dave Morin apologized in due form on the company blog: “Thanks to feedback we received from you, we now understand that the feature “Add Friends” was unreasonable. We are deeply sorry if you were bothered by the operation of your directory. “In the same vein, he announces that its servers removed the entire address books sucked into its memory, and offers you to now download a new version of Path, which is more transparent. “In Path 2.0.6, you can choose or not to send us your phone contacts. If you accept and change your mind later, send us an email and we process your request quickly. ”
If Path was honestly caught with this blunder, media coverage of the case helped raise some awkward questions about how the AppStore, the market for iPhone apps behaves. At no time – or by reading the application form or at the time of download – is the user informed of the “rights” it requires. On the Android Market, to the contrary, the list of permissions requested by an application is clear, and in great detail, before downloading.