Instagram updates to add more privacy controls; Path catches heat for uploading contacts lists

by Phil Hornshaw

Last week, social networking app Path got itself into trouble when it was revealed that the app was accessing and transferring users’ contact lists from their smartphones iPhones and iPads without permission.

Path wasn’t necessarily doing anything insidious, but it was uploading users’ lists of contacts to check against its database, using those contacts in its “Add Friends” feature. That was a means by which people with Path accounts could quickly see if their friends were also using the social networking app. But Path didn’t ask permission of its users to take that contact data or to upload it, which is what stirred up the controversy. Path has since released a statement saying that it has deleted all contact data uploaded from users.

Meanwhile, in order to avoid similar fallout, another popular social networking app has released an update with a privacy upgrade. That app is Instagram, an app that lets users shoot, filter and share photos with one another. As The Next Web reports, while Path caught most of the flak for uploading user Contacts Lists to its servers to facilitate friend searching, Instagram was operating in much the same way. The recently dropped update allows users to opt in or out of sharing that contact information in order to find their friends on Instagram.

Downloading or updating to the new Instagram app means users will get a prompt when using the friends-finding feature that notifies them that contact data will be sent to Instagram’s servers. Path also has been updated with a similar prompt. In addition to the new opt-in dialogue box, Instagram includes a couple new features in the update: a new filter for photos, and a new editing featured called Lux.

With its update, Path released a statement that included the notification that all user contact data had been deleted from its servers and explained its new opt-in, opt-out system. Users are now prompted when they’ll need to share contact data with Path, but even if they choose to do so, they can also opt out of sharing at a later time by sending an email to the company at service@path.com.

It's worth noting that Path and Instagram are by no means the only apps in the iTunes App Store making use of users’ contact data for certain functions, like locating other app users. The trouble for these two social networks is partially because of the ways the information was gathered – without notifying users – and because the data was stored as plain text on their servers. Most services discard plain text information and opt to hash the data instead, which changes it to be more difficult to read but more easily accessed by servers and programs.

Instagram’s response to the Path fallout is indicative of what is likely happening with lots of apps at the moment. With the app space growing as quickly as it is, missteps like this one are bound to occur; but when one app maker messes up, other app makers take note and make important changes. Path, Instagram and other apps are likely more secure for the fallout.