The world is up in arms about how the mobile application Path, which I covered here as one of the next social networks to watch, has been sending users’ phone directory data back to the service. As someone that knows the founders and trusts what they’ll do with the data, I didn’t give it a second thought, but the concern is valid. I’d like to suggest that the problem isn’t Path’s though. In fact I warned about this before.
4 years ago, back in 2008, as Apple launched their own app platform and directory for developers to the public, the mobile app Loopt went through a similar controversy where it automatically sent an SMS to everyone in the user’s phone directory, without their permission. In this case, just like Path, the service assumed that users would be okay with sharing this data in order to make the service better. In both cases, there were many offended that this was happening.
I responded with an article of my own (again, this was in 2008!), suggesting that Apple needs privacy controls on their devices. Before any application can access phone numbers and other sensitive data from the phone, the operating system itself should be warning users that data is being retrieved, and ask the user’s permission. In fact, Android devices already do this to an extent, and services like Facebook do this before any application can access sensitive data about an individual.
It’s hard to believe that Apple has taken 4 years, and still hasn’t implemented any such controls. It’s, to me, not too much of a worry that apps like Loopt and Path are accessing this data, as both apps are good companies run by good people that have good intentions for this data. However, there are many applications out there that may not have such good intentions. In every case, it should be up to the user to decide, and know when their personal data is being transferred to a 3rd party application on their device.
So I’d like to turn the argument back around to Apple, not Path – why are you allowing 3rd party applications to access my data without my permission? It’s time well overdue to give users some control over their sensitive data.