Path iOS app now hashes address book data
Path has released an update to its mobile application for Apple's iOS operating system so it now hashes user contact information. Following the discovery earlier this year that it had been uploading user address book data to its servers as an unencrypted plist file, the company apologised for insecurely handling private user data and published an update, version 2.0.6, that allowed users to opt in or opt out of sharing address book information.
By one-way hashing the string for an email address the Path systems can still compare the values between different users as they attempt to find people who know each other's email addresses; the same string hashed will generate the same hashed value. Because the value is hashed, Path cannot see what the original string was.
In a blog post, the photo sharing and messaging service says that it takes "privacy and security seriously", adding that the change in the new version of Path for iOS, 2.1.1, will anonymise "last names, phone numbers, email addresses, Twitter handles and Facebook IDs". Path collects and uses this data as part of an "Add Friends" feature to find friends and family who also use the service.
In addition to the security changes, Path for iOS 2.1.1 also fixes a number of bugs found in the previous release. Version 2.1.1 of Path is available to download from Apple's iTunes Store.
- Apple: Future iOS release will require user permission for apps to access address book, a report from The H.