Earlier this year, Path inspired the ire of the Internet when it was revealed the app was uploading users’ entire address books without proper permissions or security measures. Now Path is further addressing what soon spiraled into Addressgate (as it turned out, a handful of apps were using a similar contact list-loading mechanism).
After initially issuing an apology and making the feature opt-in, Path will also begin hashing user data. “We take privacy and security seriously, and we believe your data deserves to be well-protected,” the company announced via its blog. “That’s why, with the release of Path 2.1.1, we are enhancing our security by hashing user contract data so that it is anonymized.”
Hashing is a mechanism that turns your plain text data into a string of seemingly unintelligible letters and numbers. To the human eye, it’s unreadable, but Path’s servers are able to translate it. It’s virtually a win-win and when the entire story broke many were shocked that Path (and the other guilty parties) weren’t using this system to begin with.
It’s a big (and very necessary) step forward if Path is going to make good with users. And it makes me wonder how many of the other accused apps have updated their systems. Twitter, Instagram, and Foursquare responded fairly immediately, but until Apple makes some changes things could slip through the cracks. Apple initially said that these apps were in violation of iOS guidelines and that it would treat the situation similarly to backlash over location sharing. Congress is in the process of questioning the company as well as app developers (including Path) regarding how user information is collected.
Does it all make anyone else wonder why these sort of precautions weren’t being taken before? Anonymizing sensitive data isn’t unheard of, and if developers can still make sense of all the user information they need via systems like hashing, then was the reason pure laziness? We’ve gotten many apologies and many fixes, but no real explanations. It seems bizarre that any social startup would skip a step this important, so it’s all sort of mind-boggling. Whatever the origin of the problem, it appears that the major players are making the necessary upgrades and that Apple will likely be required to make sure future developers don’t make the same mistake.
