It all started innocently enough. I was thinking of implementing a Path Mac OS X app as part of our regularly scheduled hackathon. Using the awesome mitmproxy tool, which was featured on the front page of Hacker News yesterday, I started to observe the various API calls made to Path’s servers from the iPhone app. It all seemed harmless enough until I observed a POST request to https://api.path.com/3/contacts/add.

Arun Thampi: Path uploads your entire iPhone address book to its servers

As with location, I assume iOS will eventually require user permission for apps to access contact info. That Path was approved with such unethical functionality (that also appears to be a flagrant violation of the review guidelines) should be a reminder that the scrutiny given to apps is inconsistent and you cannot assume that because the App Store℠®™© (or any app store) is a walled garden, apps within are respectful of you.

