(2012-02-07) Pathcom Scraping User Address Book Without Permission

PathCom has been scraping its users' Address Book data without permission. Upon inspecting closer, I noticed that my entire address book (including full names, emails and phone numbers) was being sent as a plist to Path.

Dave Morin commented: We upload the address book to our servers in order to help the user find and connect to their friends and family on Path quickly and effeciently as well as to notify them when friends and family join Path. Nothing more. We believe that this type of friend finding & matching is important to the industry and that it is important that users clearly understand it, so we proactively rolled out an opt-in for this on our Android client a few weeks ago and are rolling out the opt-in for this in 2.0.6 of our iOS Client, pending App Store approval.

In Nov'2010 Morin said they weren't retaining any data, but they changed their mind in Mar'2011 without telling anyone.

It sounds like all IOS apps can be doing this, also without permission/notification.

Feb14: people are looking in to what other IOS apps are guilty. FaceBook, Twitter, Instagram, FourSquare, Food Spotting, YelpCom, and Go Walla are among a smattering of iOS applications that have been sending the actual names, email addresses and/or phone numbers from your device’s internal address book to their servers, Venture Beat has learned. Several do so without first asking permission, and Instagram and Foursquare only added permissions prompts after the Path flare-up.


Edited: |

blog comments powered by Disqus