On the same day as the social and photo-sharing app
Path agreed to an
$800,000 settlement with the Federal Trade Commission over its surreptitious uploading of users' contacts
without their knowledge last year, a security researcher discovered a "backdoor" way of obtaining the same data by reading the EXIF location embedded in digital photos even if "location sharing" is explicitly turned off. Path says it was previously unaware of the issue and has
already updated its iOS app to close the loophole.
