Ransack Your Way to Success!

It all started innocently enough. I was thinking of implementing a Path Mac OS X app as part of our regularly scheduled hackathon. Using the awesome mitmproxy tool which was featured on the front page of Hacker News yesterday, I started to observe the various API calls made to Path’s servers from the iPhone app. It all seemed harmless enough until I observed a POST request to https://api.path.com/3/contacts/add.

Arun Thampi: Path uploads your entire iPhone address book to its servers

Like location, I assume iOS will eventually require user permission for apps to access contact info. That Path was approved with such unethical functionality (that also appears to be a flagrant violation of the review guidelines) should be a reminder that the scrutiny given to apps is inconsistent and you cannot assume that because the App Store℠®™© (or any app store) is a walled garden, apps within are respectful of you.
