I think you misunderstand. I think Path did nothing wrong not because they "weren't caught". I'm sure they keep their data secure and they only use it to benefit the user's experience - ergo, nothing wrong. On the other hand, if say, they spammed people's address books, then I would think they are in the wrong. Or if they sold the data, then they are in the wrong. But as far as I can tell, they did nothing bad.
Oh and by "let it slip through," I didn't mean the app itself, but the fact that the SDK requires no authorization from the user for any app to access the address book. Like the author of the article said, it requires it for location. Why on earth doesn't it require it for your contacts? They're arguably much more valuable.
Oh and by "let it slip through," I didn't mean the app itself, but the fact that the SDK requires no authorization from the user for any app to access the address book. Like the author of the article said, it requires it for location. Why on earth doesn't it require it for your contacts? They're arguably much more valuable.