There’s a lot of press attention being paid today (by TNW as well) to Path. The life-journaling app has found itself in a tough position after it was found that it is accessing Address Book data and uploading it to its own servers without gaining express permission from users to do so. But there are bigger issues at hand here, and nobody seems to be paying attention to them.
First off, it’s worth noting that most companies aren’t building applications that snag your data and then do malicious things with it. There are exceptions, but I can wholeheartedly assure you that most of the startups I speak to have no clue that the data they’re collecting can be used to further their business, much less any intention of doing anything “evil” with it.
A developer that I spoke to today about the Path debacle stated it best:
“These features are created benevolently. For companies with good intentions, they get looped under the Facebook umbrella.”
The problem is that almost all of us now base our ideas of personal data privacy off of our interaction with Facebook. The social network has, by and large, made very poor decisions about how it handles our personal info and we all are well aware that it’s using that information to sell us as products. Yet nearly a billion people continue to use Facebook every single month.
“17.1: Apps cannot transmit data about a user without obtaining the user’s prior permission and providing the user with access to information about how and where the data will be used”
If that is indeed the case, then Apple has let Path slip through the cracks. Perhaps it’s because the app is widely well-received, but that doesn’t exonerate Apple’s process from its responsibility to fully check that an app isn’t doing things that it’s not supposed to.
But Path is far from alone in its transgressions. We’ve heard from developers, both publicly and privately, that there are other apps that do this exact same thing and nobody has said a word about them. Again, two wrongs don’t make a right, but it’s well worth noting that Path has probably only come under fire because of its popularity, thereby making it more likely that someone would dig around and find the flaw.
The other question that has to come up is this: Why hasn’t Apple set the flag for the address book to be inaccessible by default? It seems logical that access to the iOS Address Book should be restricted to Apple’s own apps, or should require specific permission from the user.
So Path isn’t without fault here, but it certainly doesn’t seem malicious. Apple isn’t innocent in all of this either. A bigger part of the problem is how we as users see our privacy. Invasions of it seem to be fine as long as they’re handled well and we benefit from them. For Path, it’s not the end of the journey, but rather just a bump in an otherwise-pretty road.