With Path coming in for some intense criticism last week for uploading a user’s entire contact list without their permission, it appears that Instagram has used its most recent update to safeguard itself and its users by introducing a new privacy prompt when matching friend lists.
Path’s friend search didn’t pose much of a security risk, it was simply obtaining a local copy of a user’s contacts to match against its user database. However, the fact it didn’t let the user know it was doing so was what frustrated many and until recently, something that Instagram was also doing.
F**k it, we'll do it live!
Instagram didn’t come in for nearly as much criticism, but by then the outrage had been calmed by Path’s quick response.
When you launch Instagram after installing today’s update, you will be met with a lovely new interface, it’s clever new Lux feature and an additional filter. If you head into your profile and select ‘Find friends”, you will be met with the following prompt (placed side-by-side with Path’s own new message):
Clicking ‘Allow’ obviously gives Instagram permission to upload your contacts and match them to users — as it should do.
Instagram was able to sideload the new privacy feature without drawing too much attention to itself because it had a new fancy UI and added features (it doesn’t mention it in its ‘What’s New’ list). New users will not know the difference and those that haven’t used the contact search feature may assume the notification has been always been there.
The prompt is displayed regardless of whether you are updating or not and will continue to display the warning each time you try to utilise the ‘From my contact list ‘ option.
Many applications on the App Store that have anything to do with address book data, grab and hash the data, saving a checksum and then ditching the plain text data afterwards. However, it was clear some (including Path and also Instagram) didn’t hash content and sent the complete contact list, in plain text.*
Now users are aware that it is happening, app makers are slowly starting to ensure they notify users as to how their data is being processed.
Many other apps may not currently offer the same feature but if they have taken any notice of Path’s actions, they may well be working on incorporating something similar.
However, if you have a jailbroken phone, you can install ContactPrivacy to alert you each time an app tries to access your contact list on your iDevice.
* – Edited for clarity (thanks @mattgemmell).
Follow the latest news from the mobile world every day at TNW Mobile.