Path admits mistake, allows users to opt out of contacts database


Mobile social networking vendor Path apologized to its users and said it will allow them to opt out of its contacts database. The apology stems from a developer who found that Path was uploading users' entire mobile address books to a Path database without the users' consent.

Path CEO and co-Founder Dave Morin


Path CEO and co-Founder Dave Morin admitted to the slip on the company blog. "Over the last couple of days users brought to light an issue concerning how we handle your personal information on Path, specifically the transmission and storage of your phone contacts," he wrote. "Through the feedback we've received from all of you, we now understand that the way we had designed our 'Add Friends' feature was wrong."

Morin added that the company is committed to regaining its users' trust. "So, we've deleted the entire collection of user uploaded contact information from our servers. Your trust matters to us and we want you to feel completely in control of your information on Path."

The company also announced an update to the Path app. "In Path 2.0.6, released to the App Store today, you are prompted to opt in or out of sharing your phone's contacts with our servers in order to find your friends and family on Path," wrote Morin.

Users can opt out of the service at any time by emailing, at which point the company promises to remove all of the user's contact information.

Developer Arun Thampi first discovered the issue while observing various API calls made to Path's servers from its iPhone app. "Upon inspecting closer, I noticed that my entire address book (including full names, emails and phone numbers) was being sent as a plist to Path," Thampi wrote on his blog.

Although it seems Path's role in the controversy is over, the issue may develop legs. According to at least one informal survey of iOS developers, 13 out of 15 iOS developers said they have collected users' address book information. The situation stems from Apple's opening of its address book APIs, thereby alloing iOS developers access into users' address books. 

For more:
- see the Path blog entry
- read this PCMag article
- see this MobileBurn article

Related articles:
Path slammed for uploading users' mobile address books
Lawmaker Markey unveils Mobile Device Privacy Act
How mobile security is fueling subscriber insecurity
MMA finalizes Mobile Application Privacy Policy guidelines
FTC moves to tighten digital privacy protection rules for kids