It is definitely illegal in the UK (and Path is available in the UK).

http://en.wikipedia.org/wiki/Data_Protection_Act_1998

I naively thought that iOS Apps wouldn't do this, in part, because it was illegal.

Also, by deleting the data from the servers—are they not now destroying evidence?

I voted you up because you bringing a great point. didnt think this way. but now going this hm path :) if there will be any FCC or other inquiry, wonder if longterm this will help Path or not.

I'd expect most european countries to fall in the same category. Actually, I'm surprised it's not illegal in the US.

They do fall in the same category, because of the Data Protection Directive. This is not a law, but all EU states interpreted the directive, and enacted it into law, and the law in each country is now basically the same.

Unfortunately, no company really gives a shit about this law (unless it suits them, e.g. when you complain about something, often they hide behind it as an excuse for not telling you something).

Because no-one ever checks up on them.

These are all fine and valid points, but the fact remains that a free game app might be very tempted to complement its lousy revenue by stealing and reselling users' address books and anything else their app can get its hands on. I as an iPhone user want a protection against that.

And it's criminal to do so. Software that steals data is malware. Prosecute these companies severely, put their president and the engineers who were in on it in prison for data theft and conspiracy. It's not like there isn't overwhelming evidence proving the case in these situations.

I'm not sure what your point is. Whether or not it's illegal, it should also be protected against by Apple, since it can be prevented entirely that way rather than waiting for someone to get caught and prosecuted for stealing data.

I guess you're saying don't blame Apple, blame the criminals. Okay, I blame the criminals. Crime is always the criminal's fault.

But I'd also like Apple to protect me from them. Especially since the App Store is advertised as a safe place and this view is reinforced by protecting access to other types of private data in the system.

I'm not blaming Apple for the behavior of criminals, but I am blaming Apple for failing to deliver a product that will protect me from them.

There are valid legal reasons to integrate with the address book. The argument that it's apple's fault is like saying WalMart is to blame for shoplifting because they don't put everything behind the counter. It would be very inconvenient to do so and overall things work better when we prosecute crime rather than create a police state environment where crime is not possible, while also making many reasonable actions difficult to do. I don't want to live in the Soviet Union and wait in line for bread.

> There are valid legal reasons to integrate with the address book.

Nobody is suggesting it should be impossible to integrate with contacts. The suggestion is it should be impossible to do so without asking my permission, as is the case with other private data. Requiring that apps ask approval before accessing my private data is not at all like waiting in line for bread in the USSR.

> The argument that it's apple's fault

Is one that nobody is making, so you don't need to debunk it. Or at the very least, I'm not making it, in fact, I very explicitly stated I wasn't making that argument in the post you replied to.

All of which costs millions of dollars.

Alternatively, Apple could spend a few thousand dollars and properly secure their MULTI billion dollar platform so the problem couldn't occur in the first place.

It doesn't cost millions to prosecute such a case. Ever if it did, so what. These criminal syndicates engaging in these illegal conspiracies and crimes are well funded, so all costs of prosecution can easily be paid for with fines and seizures.

It's important to keep in mind that where Path went wrong is they did not ask permission to upload the address book. Many, Many applications have a valid reason to move your contact list into the cloud - and as long as they ask my permission first, that's fine.

Agreed with your outrage on a company taking files off of my system (address book or otherwise) and uploading them. And, from reading the dcurt.is entry - it sounds like 85%+ of social apps do this as common practice.

I never thought about this before. But it seems like there are very different expectations for PC developers and smart phone developers. Companies developing software for a PC would never consider sending personal data to their servers.

Maybe its because mobile developers mostly come from web development where it is normal for the server to store such data. For a lot of web applications (web-mail, Facebook) it is part of the service.

3. Don't expose yourself by accepting responsibility for sensitive data (that you don't even need, probably)

If you upload personal data (which, I agree, is wrong unless explicitly requested and authorized) you are having much more data to protect.

> I don't buy these discussions about how it is Apple's fault. It's not.

Does Apple provide application level permissions system where users can see what permission application require, and where users can choose if they will grant application permission the right to read address book or choose not to install it?

If Apple doesn't do this, than it's Apples fault that it didn't sandbox applications enough in order to protect its users.

Whilst you are correct holding the app developers accountable, It's a bit naive to defend apple like this.

The world is certainly 'not' always ideal, and as a phone owner when I download apps, I would like to be able to defend my privacy at the OS level

So, any user who has had their address book or other personal data illegally uploaded should contact the FBI.