In the wake of the Path privacy debacle, in which we learned that the social networking app was uploading and storing users’ entire address books, we questioned whether Apple and its policies were partly to blame for the situation. While the developer guidelines may have been fuzzy enough that we can’t fully answer that question, today Apple has issued a statement on the topic that makes the company’s intentions a little more clear.
The problem stems from the fact that Apple’s developer guidelines have mainly been used to prevent apps from tracking and saving information about a user’s location without that user’s explicit permission. Within its iOS app guidelines Apple says, “Apps cannot transmit data about a user without obtaining the user’s prior permission and providing the user with access to information about how and where the data will be used.” After reading that our question was what constitutes “data about a user”? Do address books fall into that category? The vague language here may be why Path and several other apps slipped by unnoticed.
Yesterday an Apple spokesperson, Tom Neumayr, told AllThingsD “Apps that collect or transmit a user’s contact data without their prior permission are in violation of our guidelines. We’re working to make this even better for our customers, and as we have done with location services, any app wishing to access contact data will require explicit user approval in a future software release.” So while we can’t say what Apple’s intentions were in the first place, they’ve made it clear that from here on out, they expect apps to explicitly ask for permission before uploading users’ address books like Path.
In response to the outrage, Path has added an option within the app to allow users to opt-in to uploading their address books. It certainly makes us wonder just how safe our information is when we regularly use apps for everything from maps to finances to photos. At least after today we have a clearer picture of what Apple expects from its developers.