Once the center of a firestorm of scandal regarding its collection of users’ address book data without explicit permission, social networking app Path has announced that in order to further safeguard security, it will hash user contact data so that it is anonymized, according to a new blog post from the company. The new update, version 2.1.1, will still collect contact data, but only with explicit permission and will anonymize last names and other details.
The company has always uploaded the address book of users to its own servers, saying it wanted to have the contact information available to notify a user if any of their friends or family join the service. After hackers discovered the uploading, users and authorities reacted harshly to the lack of explicit notification as well as the possibility that both user and non-use identify information was at risk for abuse.
The pilfering of address book data was against Apple’s guidelines at the time, but the company moved swiftly to modify iOS so that developers couldn’t avoid asking user permission for such information, and has had to answer calls from authorities as to why the contact data (and, as was later discovered, photo/video libraries) was unprotected. Other applications have legitimate uses for such data, such as Dragon Dictation, which needs access to a users’ address book to discover friends’ names so that it will recognize them in speech, but requires users to OK the upload of such data before doing so.
Eventually, Path issued a formal apology for the surreptitious collection of user data and scrubbed the records it had, updating Path with a new version that asked user permission for contact information for friends and family. The latest update adds the hashing, which will obscure last names, phone numbers, email addresses, Twitter handles and Facebook IDs.