Path, a mobile social-network app developer for Apple, acknowledged on the company’s blog that it has been transmitting and storing iPhone users’ address books without their knowledge through its Add Friends feature. After a day or two of consumer outrage, Path co-founder and CEO Dave Morin gave in to pressure to delete the company’s entire collection of user-uploaded contact information from its servers. Initially, Path had asked customers to submit an email request to have their information removed.
Morin also said that Path’s newest app will let users opt in or out of sharing their phone contacts with its servers and that those who opt in can revoke access at any time. Path’s Android version already had an opt-in setup, but until a few weeks ago users who installed the app had to agree to share their contacts (which many people did not realize they were doing).
It’s great that Path acted quickly and erased all the information, but the incident never should have happened. After all, if Apple can let its device users hide location data, there’s a way to do the same with address-book data.
The truth is that app makers on any platform aren’t very up front about what people are agreeing to when they install the apps. Even if permission is required, and users agree to share their personal information as a condition of installing the app, such cart blanche agreements generally let app developers make changes to the permission, therefore bypassing the built-in security without the user realizing it.
App developers are playing a dangerous game — one that could come back to haunt the industry as consumers start to resist at the relentless invasion of their privacy.
It’s legally dangerous when you consider that app developers are downloading the personal information of people who did not give their permission. And what about the number of apps downloaded by children and teens who cannot enter into legal agreements? The industry will claim that users should have known what they were agreeing to, but that won’t be enough to stop the onslaught of lawsuits, restrictive legislation and lost good will that’s sure to follow if a consumer or business can show real damage caused by the app developer’s lifting of personal information. (Ask Path how it’s doing.)
And because device makers such as Apple and Google (NASDAQ:GOOG) have a say in how apps are developed for their platforms, they won’t be let off the hook. If app developers believe they need customers’ personal information to remain a viable contender in the App Store, perhaps they should find another way to get it. Paying consumers for it is one option.