That's not malware, it's to do with integrating specific services straight into an app. It is a privacy issue however, and will be fixed soon enough.
This is neither, it was never spying -- it used the data for friend suggestions:it is spyware (spying on your contacts information, which should be private), which is a type of malware - also curious to see what apple's response is, considering it was due yesterday
This is neither, it was never spying -- it used the data for friend suggestions:
This is there response to the matter: link
"obtaining information that is considered secret or confidential without the permission of the holder of the information"
I know, I posted it because it explained why the app was collecting address book data. I see why you thought that though.I meant apple's response to the congress inquiry, not that individual company's response
That may be the definition of spying, but spyware is designed to steal information. Path is a genuine app, they just went about getting the users Address Book information the wrong way, although they did have a valid purpose for it. This isn't like an app designed specifically to steal information, money or anything else, from the user, and there's plenty of those on the Marketplace. You won't really have a problem with the apps on the Marketplace if you're careful with what you buy, but the majority are technologically illiterate.and by the definition of spying
and that it was a program that did that, I would say it was spyware
Through the feedback we’ve received from all of you, we now understand that the way we had designed our ‘Add Friends’ feature was wrong. We are deeply sorry if you were uncomfortable with how our application used your phone contacts.
In the interest of complete transparency we want to clarify that the use of this information is limited to improving the quality of friend suggestions when you use the ‘Add Friends’ feature and to notify you when one of your contacts joins Path––nothing else. We always transmit this and any other information you share on Path to our servers over an encrypted connection. It is also stored securely on our servers using industry standard firewall technology.
We believe you should have control when it comes to sharing your personal information. We also believe that actions speak louder than words. So, as a clear signal of our commitment to your privacy, we’ve deleted the entire collection of user uploaded contact information from our servers. Your trust matters to us and we want you to feel completely in control of your information on Path.
In Path 2.0.6, released to the App Store today, you are prompted to opt in or out of sharing your phone’s contacts with our servers in order to find your friends and family on Path. If you accept and later decide you would like to revoke this access, please send an email to [email protected] and we will promptly see to it that your contact information is removed.
This isn't like an app designed specifically to steal information, money or anything else, from the user,
So you're suggesting this app was designed with the sole purpose to pretend to have a valid use, but steal information secretly? (I know you're not, I'm making a point.)and a spy's job isn't only to steal information, it is also to pretend to have a different life/job/etc. as well, it's just that 1% of the time when they are stealing information that makes them a spy - just like other spyware apps, say "browser toolbars" - they supposedly have a purpose of doing SOMETHING other then stealing information, otherwise why would anyone install them? just like the spy has a purpose of doing SOMETHING other then stealing information, say working at a nuclear reactor as a scientist, in addition to sending information to the CIA about how enriched and how much u-235 there is at said reactor.
still can't find apple's response to congress..
Well, it's far from perfect: http://forums.macrumors.com/showthread.php?t=1334092&highlight=android+ios+photoandroid lists what the apps have permissions to before installing them.. meaning an app won't be looking into your contacts without your knowledge - actually doing a full review of the code would be very labor-intensive to do a good job, which is why Apple isn't having much success - or why they didn't even bother to do so for macs - a quick scan with an anti-virus might be a good 2nd choice, which there are apps that do that
So you're suggesting this app was designed with the sole purpose to pretend to have a valid use, but steal information secretly? (I know you're not, I'm making a point.)
Well, it's far from perfect: http://forums.macrumors.com/showthread.php?t=1334092&highlight=android+ios+photo
That maybe true about contacts, but not about photos. Right now, if you grant an app permissions to use the internet, it has full access to your photo library, on Android. There's a bug on iOS too, which allows an app full access to your photo library if you grant it access to location services.
That's just speculation though, neither of us know whether or not that's the case, and there's nothing either of us can do to prove it one way or another. Unless we engage in... SPECULATION WAR!!!!maybe not this app in particular, but I am sure that there are tons of apps that do just that
If you've got photos on your device though, you need only allow the internet permissions. Which, I assume is an oversight or a bug, as internet is totally unrelated to the users photos.you still need to allow the app to have access to the SD card and internet, although I agree "SD card" is rather vague as far as permissions go...
That's just speculation though
If you've got photos on your device though, you need only allow the internet permissions. Which, I assume is an oversight or a bug, as internet is totally unrelated to the users photos.
The potential exists, yes.as a programmer I can tell you there is incentive to do so and next to nothing stopping me from making a quick app that does exactly that, therefore it exists
That's not what was mentioned in the article though, it simply said you need only allow it internet permissions and it gains full access to your photo albums, I shall quote it:the app still needs permission to read the contents of the SD card - android is linux-based and apps by default don't have read access on the SD card, they have access only to their own folder inside the internal phone storage (each app runs as a separate user with only basic privileges by default)
In the case of Android-based applications, the user only needs to allow the application to use Internet services as part of the app for third parties to gain access to photo albums.
That's not what was mentioned in the article though, it simply said you need only allow it internet permissions and it gains full access to your photo albums, I shall quote it:
The potential exists, yes.
Perhaps, but it's also possible they're talking about a version of Android which does allow you access to the images via internet permissions, one you're not aware of.again, that is a reporter who doesn't understand what is actually going on the device - it needs internet permissions to transmit the images, and SD card privileges to view/read the images, with only 1 (but not the other), there isn't much that an app could do
I already said it exists, so why would you? You can if you'd like but you'd probably have your app removed and your license revoked.the potential exists.. do I need to create one to prove my point? (id rather not as I don't have an iphone/development environment.. but I imagine I could in about 10-15 hours)