Path pays dearly for stealing your iOS address book data

By , Feb 1, 2013

Path 2.5.6 for iOS (iPhone screenshot 001)Path 2.5.6 for iOS (iPhone screenshot 004)

The private social network Path was off to a great start following its iPhone app launch in November 2010. The success was, unfortunately, short-lived as the company soon found itself at the epicenter of intense public scrutiny after it was discovered it had been uploading iOS users’ address book to its servers without their explicit permission. Even though Path did apologize and update the app with the necessary changes and user prompts, the startup never really recovered from the eerie privacy scandal.

And as a result, Apple on its end introduced deeper privacy options in iOS 6 so users can select on a per-app basis which apps can access their contacts, calendars, reminders, photos and more. And now comes word that on Friday The Federal Trade Commission (FTC) announced that Path has agreed to pay a whopping $800,000 fine…

The agreement with Path is to settle the FTC charges that it “deceived consumers and improperly collected personal information from users’ mobile address books”. Specifically, the $800,000 fine covers Path allegedly “collecting kids’ personal information without their parents’ consent”.

Such an outcome is the worst thing that could happen to any aspiring social network, let alone one that prides itself from being a safe haven for sharing personal stuff with your closest friends and family.

It gets even better:

The settlement requires Path, Inc. to establish a comprehensive privacy program and to obtain independent privacy assessments every other year for the next 20 years.

Path commented on the settlement in a statement posted on its web site:

The gist of the FTC’s complaint is this: early in Path’s history, children under the age of 13 were able to sign up for accounts. A very small number of affected accounts have since been closed by Path.

As you may know, we ask users’ their birthdays during the process of creating an account. However, there was a period of time where our system was not automatically rejecting people who indicated that they were under 13.

Before the FTC reached out to us, we discovered and fixed this sign-up process qualification, and took further action by suspending any under age accounts that had mistakenly been allowed to be created.

The FTC took issue with Path’s misleading handling of an “Add Friends” feature. As you’re probably aware, Path automatically collected and stored personal information from the user’s mobile device address book even if the user had not selected the “Find friends from your contacts” option.

path
Path could have easily avoided the whole privacy brouhaha had it only implemented this simple prompt in the initial release.

The extent of personally identifiable information that ended up on Path’s servers was worrying: for each contact in your iOS address book, Path automatically collected and stored first and last names, addresses, phone numbers, email addresses, Facebook and Twitter usernames and dates of birth.

And now, Path is mulling paid accounts.

Both Congress and the federal government appear to take these privacy issues seriously, with the FTC launching a probe of consumer privacy in the age of apps. Some House members are now proposing tougher restrictions on what data advertisers can obtain from app users.

And now, the FTC has proposed new guidelines for app developers, including a new ‘Do Not Track’ feature because mobile devices “facilitate unprecedented amounts of data collection”.

While we’re at it, can FTC please look into WhatsApp’s handling of private data?

  • Share:
  • Follow:
  • Lordthree

    Wake me up when google pays a reasonable fine for the safari tracking data.

  • Falk M.

    For the next 20 years? Bwahahaha… That stings.

    IMHO they got away pretty well if you ask me.
    Such invasion of privacy should be fined much, much harder because they know EXACTLY what they are doing.

    • pawfyd

      are you serious? who would have thought you could pay ANY money for such a stupid thing.

      • Falk M.

        I see you don’t value your data and that of all your friends.
        Fair enough. Where do you come from?

      • pawfyd

        Lots of apps use your contacts data. The only deifference is that they usually ask you for permission, but people agree anyway I guess. It’s just contact data, even if someone knows it what could happen? It’s not your photos, not your private messages. Only contacts…

      • pawfyd

        Plus it’s not used for any wrong things.

      • Falk M.

        Well, I think we’ll never agree, so let’s just end it there. :)

      • Milo

        Lucky I’m not ur fren. I will definitely not give u my contact if I know u.

      • Pashto

        Agreed, this is stupid.

  • http://www.facebook.com/liamsagooch Liam Googolplex Merlyn

    So they got hit with a massive $800,000 fine, who gets that money? Does it go to government or those who were affected? Or do I even need to ask?

  • Obsidian71

    Screw the FTC. Path never did anything malicious with the contacts. Total BS