There’s a reason why today’s news that Path was uploading its users’ entire address book to its database was stunning — all this time Path has been positioning itself as one of the good guys! … Sort of an alternative to Facebook … a kinder, gentler social network that only wanted to keep things between you and fifty of your closest friends, and then 150. And then …
It’s sort of jarring when a social network bills itself as private, and then quietly sucks up as much data as its leading — and notoriously data-grabby — competitor. Still, even Facebook notifies you (via iOS notifications) that it’s grabbing your address book data.
The worst-case ramifications of Path’s rushed and poorly implemented contact alert system lie somewhere in the murky waters between identity theft and, in case of an acquisition, overly aggressive marketing tactics.
Path has 2 million users. Let’s say each has about 50 contacts in their iPhone, a low estimate: all in all that’s 100 million addresses in the Path database — a database whose security we know very little about. It’s even more jarring when you realize that this data is being uploaded in plain text rather than hashed, when hashing — which isn’t a complete fix — actually doesn’t take much more effort.
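To make the plain-text-versus-hashed point concrete, here is an added sketch (not Path’s code, and not from the original article) of a client that uploads only digests of its contacts and a server that matches them. The function names, the choice of SHA-256 and the sample contacts are assumptions for illustration; the last function shows why hashing alone is only a partial fix.

```python
import hashlib
import re

def normalize(contact: str) -> str:
    """Canonicalise so the same contact hashes identically on every device."""
    contact = contact.strip().lower()
    if "@" in contact:
        return contact                      # e-mail address
    return re.sub(r"\D", "", contact)       # phone number: keep digits only

def digest(contact: str) -> str:
    return hashlib.sha256(normalize(contact).encode("utf-8")).hexdigest()

def upload_payload(address_book):
    """What leaves the phone: digests only, no names, numbers or e-mails."""
    return sorted({digest(c) for c in address_book})

def find_friends(payload, registered_digests):
    """Server side: intersect uploaded digests with digests of registered users."""
    return sorted(set(payload) & set(registered_digests))

def recoverable_by_enumeration(target, prefix, width):
    """Why hashing is not a complete fix: phone numbers come from a small,
    structured space, so whoever holds the digests can hash every candidate
    and compare. Returns the matching number, or None."""
    for n in range(10 ** width):
        candidate = f"{prefix}{n:0{width}d}"
        if digest(candidate) == target:
            return candidate
    return None

# Constructed sample data (example.com and 555-01xx numbers are reserved
# for documentation and fiction; none of this is real user data).
ALICE_BOOK = ["Bob@Example.com ", "+1 (415) 555-0134", "carol@example.com"]
REGISTERED = [digest("bob@example.com"), digest("14155550134")]

if __name__ == "__main__":
    payload = upload_payload(ALICE_BOOK)
    print("uploaded:", payload)
    print("matches :", find_friends(payload, REGISTERED))
    phone_digest = digest("+1 (415) 555-0134")
    print("guessed :", recoverable_by_enumeration(phone_digest, "1415555", 4))
```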
Sure, Path isn’t the only culprit (soon afterwards it was revealed that photo-sharing app Hipster also does this), and probably hundreds of apps are getting away with this in the iOS store at this second, which begs for a solution from Apple itself — i.e. it should lock down the address book API and notify users itself when apps want to get their grubby fingers on it.
Image: Niklas Hellerstedt