After an enterprising hacker discovered a privacy problem in beloved new social app Path yesterday, its creators have issued an update and an apology. “We commit to you that we will continue to be transparent and always serve you our users, first,” CEO Dave Morin writes.
Path was uploading iPhone users’ address books to its servers without asking. Today’s update, version 2.0.6, now prompts users to opt in to the “Add Friends” feature, which is not mandatory. Path has deleted all the existing contact info from its servers.
This apology is full of refreshing self-consciousness. “As we continue to expand and grow we will make some mistakes along the way,” Morin reminds us. Everybody makes mistakes. And as we wrote yesterday, this was mostly just a procedural mistake. Path added the feature without asking its users first. If it had only alerted its users before uploading their contacts, most would probably have said “yes.”
There are some additional security measures Path could use with this contact information, as Matt Gemmell suggested in yesterday’s thread with Morin. The app could hash the information locally and then upload it. Path hasn’t taken that step yet, but it assures users that the connection is encrypted, and the data are stored behind a firewall. And now that it’s all opt-in, users are in control again.
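The local-hashing idea mentioned above, as an added example that is not Path's code and not from the original article: the device normalizes each email and phone number, uploads only SHA-256 digests, and the server matches them against digests of its registered users. The function names, the choice of SHA-256, the default country code and the sample contacts are assumptions made for illustration.

```python
import hashlib
import re

def normalize_email(email):
    # Same address must hash identically on every device.
    return email.strip().lower()

def normalize_phone(phone, default_country="1"):
    # Assumption: 10-digit numbers are national and get the default country code.
    digits = re.sub(r"\D", "", phone)
    if len(digits) == 10:
        digits = default_country + digits
    return "+" + digits

def hash_identifier(value):
    return hashlib.sha256(value.encode("utf-8")).hexdigest()

def build_upload(contacts):
    """Runs on the device: names and raw values are never put in the payload."""
    digests = set()
    for contact in contacts:
        for email in contact.get("emails", []):
            digests.add(hash_identifier("email:" + normalize_email(email)))
        for phone in contact.get("phones", []):
            digests.add(hash_identifier("tel:" + normalize_phone(phone)))
    return sorted(digests)

def match_friends(uploaded, registered):
    """Runs on the server: 'registered' maps digest -> user id."""
    return sorted({registered[d] for d in uploaded if d in registered})

# Constructed sample address book (not real data).
SAMPLE_CONTACTS = [
    {"name": "Alice Example", "emails": [" Alice@Example.com "],
     "phones": ["(555) 010-0199"]},
    {"name": "Bob Example", "emails": ["bob@example.org"], "phones": []},
]

# Constructed server-side index, built from the service's own user records.
SAMPLE_REGISTERED = {
    hash_identifier("email:alice@example.com"): "user_17",
    hash_identifier("tel:+15550100199"): "user_17",
    hash_identifier("email:carol@example.net"): "user_42",
}

if __name__ == "__main__":
    payload = build_upload(SAMPLE_CONTACTS)
    print(len(payload), "digests uploaded")
    print("matches:", match_friends(payload, SAMPLE_REGISTERED))
```

Phone numbers and email addresses come from a small, guessable space, so plain digests can be reversed by enumeration and still need the encrypted connection and restricted storage the article describes.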
So Path recovered as gracefully as possible. Do you accept its apology? Or did yesterday’s revelation do too much damage for you to trust the company again? It’s important to remember that you pay for free apps with your data. They’re going to do what they can to collect it, because that’s how they make money.
They should always ask the user for permission first. Apple requires app developers to ask the user for permission before gathering location data, and perhaps it should do the same for contacts. But the bottom line is that responsibility for user data starts with the user.
How much do you care about privacy when it comes to data like this? Is the price of free apps worth it? Share your responses in the comments.