On the Wrong Path

Today, the FTC announced a settlement with Path — a social networking site that promoted itself as a different kind of social network. Primarily available to users through a mobile app, Path claimed that it “should be private by default. Forever. You should always be in control of your information and experience.” 

That’s a nice sentiment, but the FTC charged that what Path told people it was doing with their personal information didn’t jibe with what was going on behind the scenes.

In version 2.0 of the Path App for iOS, a new feature to “Add Friends” gave people the option to “Find friends from your contacts.” But even if users didn’t choose that option, the app automatically collected personal data from users’ contact lists and stored it on Path’s servers. What did Path collect? To the extent the information was available, the first name, last name, address, phone numbers, email addresses, Facebook username, Twitter username, and date of birth of each contact. Path automatically collected and stored this data the first time the user launched the app and, if they signed out, each time they signed back in again. 

The FTC complaint also charges that the company — which collected birth dates during the registration process — had actual knowledge that about 3,000 users were under 13. So, to comply with COPPA, Path should have gotten parents’ consent before collecting, using, or disclosing information about their children — an obligation Path didn’t live up to. 

The upshot of Path’s alleged COPPA violations?  Kids under 13 could create journals, share photos and “thoughts,” and share their precise location. The FTC says with version 2.0 kids’ contact lists were collected, too.

So, here are a couple of key points about  mobile apps to keep in mind and also share with your kids:  

  • If you’re providing information through an app, someone may be collecting it — say, the app developer, the app store, an advertiser, or an ad network. 
  • Whoever is collecting your data may be sharing it with others.  
  • When you download an app, it may ask for permission to access information on your device. Pay attention to the request. Some apps access only the data they need to function, but others access data that’s unrelated.
Blog Topics: 
Privacy & Identity

Leave a Comment

Commenting Policy

Read Our Privacy Act Statement

It is your choice whether to submit a comment. If you do, you must create a user name, or we will not post your comment. The Federal Trade Commission Act authorizes this information collection for purposes of managing online comments. Comments and user names are part of the Federal Trade Commission’s (FTC) public records system, and user names also are part of the FTC’s computer user records system. We may routinely use these records as described in the FTC’s Privacy Act system notices. For more information on how the FTC handles information that we collect, please read our privacy policy.