Path yesterday admitted to and apologized for uploading users’ entire iPhone contacts list to their servers. Lots of people were – understandably – enraged, but several people also put some blame on Apple for even allowing full access to the address book data without prompting the user for permission.
I fully believe this issue is a failure of Apple and a breach of trust by Apple, not by app developers.
While I agree that Apple is at fault here, – firstly because they don’t protect your data and secondly because the Path app passed the review process although the app’s behaviour is clearly in violation of the review guidelines – developers who are using this design flaw in iOS to their advantage are still not in my good book. If you leave your door unlocked and someone steals your TV, does that make it your fault alone because you made it so easy for the burglar to steal from you? Of course you are to blame, at least in part, but that doesn’t make the act of stealing any more right from an ethical point of view.
Using your users’ personal data without their express permission is wrong no matter what you’re using that data for or how your gained access to it.
via Marco Arment
Update: Jailbreak users can protect themselves from unwanted access to their contacts with a new app called ContactPrivacy, available in Cydia.