Product Reviews
Take Action

Save Net Neutrality

Preserve an open internet where you can access websites without barriers. Make your voice heard by standing up for net neutrality.
Take Action
Why Do We Have Campaigns?
We're fighting to ensure you and your family can get a fair deal in the marketplace, especially on the choices that matter most: health care, privacy, automobiles, food, finances and more. Join our campaigns and together, we'll hold corporations and lawmakers accountable.

Path and its aftermath: Which iOS apps access your contacts?

Consumer Reports News: February 15, 2012 10:53 AM

Update: Apple says that soon apps that use address book data will require explicit user permission to do so, reports All Things D.

Update: As a result of the Path firestorm, two members of Congress have sent a letter to Apple regarding the company's app developer policies and practices, and whether they "may fall short when it comes to protecting the information of iPhone users and their contacts."

Path, a social-media app for iPhones, made many headlines recently after researchers discovered the software was uploading users' contact information from address books without getting their permission to do so. The company has since apologized to users and updated the app so that they can opt out of sharing their address books.

But tech site The Verge has done some additional testing and found that Path was not alone in pulling this information from users without asking. In fact, according to the site:

Stated simply: any iOS app has complete access to a large amount of data stored on your iPhone, including your address book and calendar. Any iOS app can, without asking for your permission, upload all of the information stored in your address book to its servers. From there, the app developer can either use it to help find your friends, store it in perpetuity, or do any number of other things with it.

The Verge checked a number of apps that make use of subscribers' address books and discerned three categories:

  • Egregious offenders: Apps that upload address books without asking or informing you. These include FourSquare, a location-based mobile social networking app.
  • Clear cases: Apps that upload your address book but do so only when you initiate an action in the app. Examples are the apps for Twitter, Facebook, and LinkedIn.
  • Explicit warners: Apps that let you know you're about to upload your address book. This group now includes Path, as well as Hipster (an app that lets you post geotagged digital pictures), and Instagram, a popular photo-sharing app.

There are certainly legitimate reasons for an app to access a user's address book, particularly apps that share things like pictures and locations with friends. But judging by the amount of negative attention Path received recently, most app users would rather be told it's happening and to have the ability to say no. Hopefully more apps will join the second and third groups.

In general, make sure to read through all the permissions requests before you download an app on any mobile platform, tedious though that may be, so you have an idea of what you're getting into and what you may be sharing when you use the app.

For more safety tips. see Consumer Reports Guide to online safety.

5 ways to protect your smart phone
Cell phone apps may be susceptible to data breaches

iOS apps and the address book: who has your data, and how they're getting it [The Verge]

Carol Mangis

E-mail Newsletters

FREE e-mail Newsletters! Choose from cars, safety, health, and more!
Already signed-up?
Manage your newsletters here too.

Electronics News


Cars Build & Buy Car Buying Service
Save thousands off MSRP with upfront dealer pricing information and a transparent car buying experience.

See your savings


Mobile Get Ratings on the go and compare
while you shop

Learn more