Free iPhone app ‘Path’ uploads entire user address book to its servers

An iPhone developer Arun Thampi noticed that Path, a free iPhone app uploads the entire address book of a user to its own servers. He found this out while he working on building an app with Path and he was contacted by Dave Morrin, the Co-Founder & CEO of Path. Arun was implementing a Path Mac OS X app using the awesome mitmproxy tool, he started to observe the various API calls made to Path’s servers from the iPhone app. He then observed a POST request to https://api.path.com/3/contacts/add. When he inspected the matter closer he found out that his whole address book with emails was being sent as a plist to Path. Below is the response from Dave. 

Arun, thanks for pointing this out. We actually think this is an important conversation and take this very seriously. We upload the address book to our servers in order to help the user find and connect to their friends and family on Path quickly and effeciently as well as to notify them when friends and family join Path. Nothing more.

We believe that this type of friend finding & matching is important to the industry and that it is important that users clearly understand it, so we proactively rolled out an opt-in for this on our Android client a few weeks ago and are rolling out the opt-in for this in 2.0.6 of our iOS Client, pending App Store approval.

Dave Morin

Co-Founder and CEO of Path

Source: Mclov.in

Image: Mclov.in / Arun Thampi

Arun Thampi is a Ruby/iOS Developer based in Singapore. He works at Anideo Pte Ltd. – a company which makes high-quality web and iOS apps. The company recently created an app Denso which is a video discovery/aggregator service.

Advertisements

Leave a Reply so we can Thank you

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: