Did I Ever Agree To That?
Recently, a developer named Arun Thampi discovered that the iPhone application “Path” had been uploading all of his address book contacts to it’s servers without his consent or knowledge. Once his discovery spread like wildfire across the media, co-founder and CEO Dave Morin quickly responded with a comment on Thampi’s site:
“Arun, thanks for pointing this out. We actually think this is an important conversation and take this very seriously. We upload the address book to our servers in order to help the user find and connect to their friends and family on Path quickly and efficiently as well as to notify them when friends and family join Path. Nothing more.”
“We believe that this type of friend finding & matching is important to the industry and that it is important that users clearly understand it, so we proactively rolled out an opt-in for this on our Android client a few weeks ago and are rolling out the opt-in for this in 2.0.6 of our iOS Client, pending App Store approval.”
I personally think this is a lame excuse for their actions and doesn’t excuse them from what they did.
It was later discovered that once they had your information, they sold it to other company servers (if you are getting spam, now you know why). Apple’s iOS App Guidelines policy “requires all apps to get a user’s permission before ‘transmitting data about a user.'” How Path was able to get around that is still a mystery, but somehow it happened. As a result of Path’s actions not only are they themselves facing a PR and CRM nightmare, but Apple as well. In order to “fix” the issue,”Path” plans on releasing another version of their software that will ask users if they want to opt in or out of sharing their information. Keep in mind that just because they ask you if you would prefer to opt out, doesn’t mean they won’t take your information anyways! It is important that a company remains transparent and upfront with their customers. We all know no one reads those lengthy EULA’s, so I feel a company should always bring attention to the fact that they are using personal information, even if they need to restate it outside of the EULA. ”
I myself had “Path” on my iPhone but once I found out about their shady behavior I deleted it and wrote them an email. Granted I didn’t use the app all that much, but they had my information regardless. In the email I told them to delete all the personal information they had taken from me off their servers and the servers belonging to the companies they sold it to. I ended the email asking them to respond to me once they had done what I asked as a form of confirmation. As an ex “Path” customer and a human being, I feel that I have the right to ask this from them and for them to follow through with it. What they did was not right and violated my privacy. To all those who have used “Path”, I suggest you ask them to do the same. It will be interesting to see how many other apps will be brought into the light as a result of the same issue.