iPhone Developer Messes Up Badly, Forgets to Ask Permission to Upload Users' Address Books

An opt-in is being prepared in the next update but it might already be too late

By on February 8th, 2012 22:01 GMT

An application called Path described as a "smart journal" for iPhone owners appears to be breaking some of the App Store guidelines for developers, specifically those that say an app shouldn’t transmit personal content without their express consent.

Arun Thampi, a Singapore-based iOS developer, made the discovery as he was using the iOS app, Path, in a hackathon.

“Now I don’t remember having given permission to Path to access my address book and send its contents to its servers,” he wrote on his blog, “so I created a completely new ‘Path’ and repeated the experiment and I got the same result – my address book was in Path’s hands.”

Troubling, to say the least, but Dave Morin, the CEO of Path, quickly responded.

“Arun, thanks for pointing this out. We actually think this is an important conversation and take this very seriously,” he said. “We upload the address book to our servers in order to help the user find and connect to their friends and family on Path quickly and effeciently as well as to notify them when friends and family join Path. Nothing more.”

“We believe that this type of friend finding & matching is important to the industry,” Morin continued, “and that it is important that users clearly understand it, so we proactively rolled out an opt-in for this on our Android client a few weeks ago and are rolling out the opt-in for this in 2.0.6 of our iOS Client, pending App Store approval.”

Of course, that doesn’t make things much better. Whatever fix is on the way, Path clearly breaks some App Store “laws” at the moment.

According to one commenter on Arun’s blog, “17.1 and 17.2 of the approval guidelines specifically forbids what [Path is] currently doing."

"17.1: Apps cannot transmit data about a user without obtaining the user's prior permission and providing the user with access to information about how and where the data will be used;

"17.2: Apps that require users to share personal information, such as email address and date of birth, in order to function will be rejected."


Per these guidelines, Path stands to be pulled from the App Store before it gets the 2.0.6 update. Unless, of course, the company works it out with Apple.

1 Comment