News broke yesterday that the popular social timeline app Path for iOS devices has been transmitting personal data to company servers. The app apparently collects details of your contacts from your iOS device, including names, e-mail addresses and phone numbers, and sends them, via a .plist file, to servers owned by Path. Essentially, Path therefore has access to personal information that it shouldn’t have, obtained without the user’s permission.
According to Path CEO Dave Morin, this situation will be rectified in the future with an update that will require users to opt in to the information gathering, but the damage has already been done. Now, it’s likely that this information gathering has not been done for malicious purposes and, indeed, Path states that it was done in order to connect users with one another. But shouldn’t the ability to opt in have been stated clearly at the outset? In point of fact, where does the responsibility lie in ensuring that apps adhere to a reasonable standard of ethics regarding information collection – Apple or app developers?
Apple has a pretty strict code of conduct for app developers. The App Store guidelines (17.1) state that an app “cannot transmit data about a user without obtaining the user’s prior permission and providing the user with access to information about how and where the data will be used”. In addition, section 17.2 states “Apps that require users to share personal information, such as email address and date of birth, in order to function will be rejected”.
Somehow Path managed to circumvent this requirement, perhaps intentionally, and it wasn’t spotted by the App Store review process. However, Path certainly isn’t the first app to do this. So, should it be up to Apple to be a little more rigorous in ensuring that apps adhere to all of the guidelines for developers, or should we simply treat all social networking apps with a healthy dose of caution?
Being honest (sorry devs), a more rigorous review process from Apple may be the way forward. The company takes a 30% cut from app sales and, since it’s a closed system, there’s no other way of getting apps onto an iOS device short of jailbreaking. The fact that this issue stems from a social networking app collecting personal information is irrelevant. The same .plist call could potentially be made by any type of app and it’s certainly not the responsibility of the user to check what information is being uploaded to remote servers.
That’s where the buck stops.