The address-book uploads occurred between November of 2011 and February of 2012, the FTC alleged in a complaint made public on Friday. During that time, the Path App for iOS automatically gathered and stored contacts in users' address books, regardless of users' preferences, the FTC said. Path's interface gave people the option of uploading their contacts in order to find friends, but the app allegedly imported the information in all cases. "As a result, the user had no meaningful choice as to the collection and storage of personal information from the user's mobile device contacts, and the user interface options were illusory," the complaint reads.
The first report about Path's address-book uploads surfaced last year, when developer Arun Thampi reported it on his blog. Path CEO Dave Morin quickly apologized in a blog post and said the company had deleted the data.
Path isn't the only mobile app developer to engage in questionable privacy practices. Last February t, a different developer accused mobile app Hipster of secretly uploading users' contacts. Hipster CEO Doug Ludlow said that report was "spot on" and apologized for the data collection. Both Path and Hipster are now facing potential class-action lawsuits.
The FTC also charged Path with violating COPPA by knowingly collecting personal data from around 3,000 children under 13 without their parents' permission. The FTC alleged that Path asked users for their birthdates and then proceeded to collect emails, names, phone numbers and other data from users who said they were under 13. The company allegedly did so between November of 2010 and May of 2012.