SAN FRANCISCO (CN) - A man claims in a federal class action that the Path social networking app for mobile phones spies on customers, gleans sensitive data such as his location and contact information about their minor children, and stores it so insecurely that it's accessible to "even an unsophisticated hacker."
Oscar Hernandez, of Texas, claims that Path Inc "gained access to, and use of, plaintiff's and class members' mobile devices, without authorization and consent, to obtain and store contact address data, including personally identifiable information of minor children that was within the contact address book, bypassing the technical and code-based barriers intended to limit access, in addition to bypassing plaintiff's and class members' privacy settings, including offsite social network settings."
Path "individually and in concert with Path Affiliates, has been systematically engaged in and facilitated a covert operation of surveillance of class members in violation of the following, to wit: 1) Violations of the Electronic Communications Privacy Act; 2) Violations of California Computer Crime Law; 3) Violations of California's Invasion of Privacy Act; 4) Violations of California Unfair Competition Law; 5) Violations of California Consumer Legal Remedies Act; 6) Violations of California Customer Records Act; 7) Invasion of Privacy and Seclusion and Public Disclosure of Private Facts; 8) Conversion; 9) Trespass to Personal Property/Chattels; and 10) Unjust enrichment," the complaint states.
Hernandez says he used the Path app to upload and share digital photos, audio and video, to visit other social network sites and to interact with people both in and outside of his address book.
Path describes its app in the iTunes App Store as "the smart journal that helps you share life with the ones you love - your thoughts, the music you're listening to, where you are, who you're with, when you wake and when you sleep." The app allows users to interact on public networks such Twitter, Foursquare and Facebook.
Hernandez claims that Path's intent behind its app is to "provide a platform which permitted uploads of digital content to allow a 'GPS filtering process.' This process includes, but is not limited to, digital content geo-tagging to correlate such with users' content, including contact address book data, for mobile tracking of online social network 'interactions' with contacts, a tracking mechanism referred to herein as 'filter cookies.'
"While Path's practices include the unauthorized interception, use, and storage of contact address data, a review of Path's provisional patent application reveals a higher level of tracking than that carried out by other apps. Path's 'uncommon practices' include tracking its users' interactions with users' contacts in online social networks, correlating the user's contact address data with digital media content that has been altered ('fingerprinted') to include exact GPS latitude and longitude coordinates, as revealed in its tracking protocol," according to the complaint.
Hernandez claims that while Path's business model is different from other social networking sites, the company's business plan is the same: Provide a nominal service to attract users in order to collect and sell user data.
"The dilemma for app developers is how to obtain substantial amounts of user data without a user's knowledge," the complaint states.
"It is well known that users who are asked to opt-in to provide personal info will not agree to such due to privacy concerns. Such hesitation will ultimately cause users not to provide data, which will terminate VC [venture capitalist] funding, and then the apps would cease to exist," according to the complaint.