Chris Alexander

On Engineering

Its not Paths fault. Its Apples.

8th February, 2012

The internet has been in its typical temporary outrageous uproar over Path’s uploading of user address books, as you might well expect. However it’s hardly Path’s fault.

Consider that there is no “official” way for iOS apps to get your contact data like this. There is a workaround method, which any app can do it seems, which is what Path did.

Note that on Android, Path uses an Android SDK to load in the contact data. To do so, it must request permission to do so when it’s installed. Look below, there’s the app asking to access your contacts (note I don’t have it installed and don’t intend to, mostly because I checked the permissions it wanted before I hit the “Install” button and didn’t really want it fetching stuff from my contacts).

So the lesson here is Path took the contact data because they could and there was nothing to stop them. Clearly this is a problem with iOS (and, so far as I can see, a gigantic nasty security hole that makes me wonder whether I should just totally nuke my iPad and iPod in case apps on them are retrieving other stuff I really don’t want them to) which needs to be addressed quickly.