IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

FTC hits social network Path with record $800k fine

$800,000 penalty for data theft and underage sign-ups is highest ever given to app developer.

Justice scales and books

The US Federal Trade Commission (FTC) has issued its biggest ever fine to an app builder, accused of accessing customers' private data without permission.

Path, a social networking app that lets mobile device users share photos and instant messages, was ordered to pay $800,000 (509,517) by the FTC after it found the company had misled customers.

According to the commission, the app offered users "no meaningful choice" about the collection of personal data from their phone and would upload the names, email addresses, phone numbers, and Facebook and Twitter usernames to its servers, regardless of whether the customer had given it permission to.

The app offered users no meaningful choice about the collection of personal data

The issue was discovered almost exactly a year before the fine was issued, by action.io developer Arun Thampi.

Dave Morin, co-founder and chief executive of Path defended the move, saying: "We upload the address book to our servers in order to help the user find and connect to their friends and family on Path quickly and efficiently as well as to notify them when friends and family join Path. Nothing more."

However, in a blog post, Morin then claimed the company had deleted "the entire collection of user uploaded contact information from [its] servers".

Moreover, the app is also understood to have allowed children under the age of 13 to sign up to the service without parental permission, which is illegal in the US. The FTC said approximately 3,000 children did sign up to Path, which currently has around 6 million users.

Morin defended his company, saying in another blog post: "As you may know, we ask users' their birthdays during the process of creating an account. However, there was a period of time where our system was not automatically rejecting people who indicated that they were under 13.

"Before the FTC reached out to us, we discovered and fixed this sign-up process qualification, and took further action by suspending any under age [sic] accounts that had mistakenly been allowed to be created."

Nevertheless, Jon Leibowitz, in his last day in charge of the FTC, said: "This settlement with Path shows that no matter what new technologies emerge, the agency will continue to safeguard the privacy of Americans."

The agency also warned all app developers and handset makers to improve data security, adding that a "rush to release may result in dangerous security oversights".

Featured Resources

Accelerating AI modernisation with data infrastructure

Generate business value from your AI initiatives

Free Download

Recommendations for managing AI risks

Integrate your external AI tool findings into your broader security programs

Free Download

Modernise your legacy databases in the cloud

An introduction to cloud databases

Free Download

Powering through to innovation

IT agility drive digital transformation

Free Download

Recommended

FTC bans SpyFone and orders company to quit surveillance app business
Policy & legislation

FTC bans SpyFone and orders company to quit surveillance app business

2 Sep 2021
FTC scolds Facebook for citing it in researcher ban
social media

FTC scolds Facebook for citing it in researcher ban

6 Aug 2021
Civil rights groups ask the FTC to stop Amazon surveillance
Policy & legislation

Civil rights groups ask the FTC to stop Amazon surveillance

30 Jul 2021

Most Popular

FCC commissioner urges Apple and Google to remove TikTok from app stores
data protection

FCC commissioner urges Apple and Google to remove TikTok from app stores

29 Jun 2022
LockBit 2.0 ransomware disguised as PDFs distributed in email attacks
Security

LockBit 2.0 ransomware disguised as PDFs distributed in email attacks

27 Jun 2022
Former Uber security chief to face fraud charges over hack coverup
data breaches

Former Uber security chief to face fraud charges over hack coverup

29 Jun 2022