Path uploads your entire iPhone address book to its servers

Arun Thampi writes, "It all started innocently enough. I was thinking of implementing a Path Mac OS X app as part of our regularly scheduled hackathon. Using the awesome mitmproxy tool which was featured on the front page of Hacker News yesterday, I started to observe the various API calls made to Path’s servers from the iPhone app. It all seemed harmless enough until I observed a POST request to

"Upon inspecting closer, I noticed that my entire address book (including full names, emails and phone numbers) was being sent as a plist to Path. Now I don’t remember having given permission to Path to access my address book and send its contents to its servers, so I created a completely new “Path” and repeated the experiment and I got the same result – my address book was in Path’s hands."

The story is too old to be commented.
Cat3954d ago

I tried out (and then abandoned) Path in November, but even with Path deleted they have my whole address book, without my permission. Requesting that they delete it yields a one month wait.

They can play it off as "We’re only using it to help you find your friends, no biggie" all they's not cool.