It is super curious why Apple decided to allow apps to access the Address Book freely. I'm releasing an app on the App Store next week and I definitely thought about all the evil things I could do to my users because Apple provides them no protection. And as a developer looking for success on the App Store, it is very tempting.
I once considered the possibility of uploading the entire address book to my servers, too. In fact, I even considered email/sms spamming everyone in those address books with "invitations" from the address book owner to download my app. Of course, I did not end up doing any of that nefarious stuff. Not even uploading the address book for innocent "Add Friends" features. But the fact remains that given the freedom to do so, almost every developer will be, at least, tempted to take advantage of it. Most will.
I honestly don't think Path did anything wrong and I'm sure they kept the information secure on their servers. It's Apple that somehow let this one slip through.
I think you misunderstand. I think Path did nothing wrong not because they "weren't caught". I'm sure they keep their data secure and they only use it to benefit the user's experience - ergo, nothing wrong. On the other hand, if say, they spammed people's address books, then I would think they are in the wrong. Or if they sold the data, then they are in the wrong. But as far as I can tell, they did nothing bad.
Oh and by "let it slip through," I didn't mean the app itself, but the fact that the SDK requires no authorization from the user for any app to access the address book. Like the author of the article said, it requires it for location. Why on earth doesn't it require it for your contacts? They're arguably much more valuable.
Perhaps, to Apple, it's really not your data. When you put data on an Apple device, they consider it to belong to Apple. So the appropriate permission was granted when they accepted Path into the App Store. Maybe this is the Apple way of thinking?
I once considered the possibility of uploading the entire address book to my servers, too. In fact, I even considered email/sms spamming everyone in those address books with "invitations" from the address book owner to download my app. Of course, I did not end up doing any of that nefarious stuff. Not even uploading the address book for innocent "Add Friends" features. But the fact remains that given the freedom to do so, almost every developer will be, at least, tempted to take advantage of it. Most will.
I honestly don't think Path did anything wrong and I'm sure they kept the information secure on their servers. It's Apple that somehow let this one slip through.