On the same day as the social and photo-sharing app Path
agreed to an $800,000 settlement
with the Federal Trade Commission over its surreptitious uploading of users' contacts without their knowledge
last year, a security researcher discovered a "backdoor" way of obtaining the same data by reading the EXIF location embedded in digital photos even if "location sharing" is explicitly turned off. Path says it was previously unaware of the issue and has already updated its iOS app
to close the loophole.