App developers – There’s more to protecting user privacy than merely asking permission from users to access data (like contact lists). You also need to ensure that the data you’re accessing and storing is secure. That is, the data needs to be hashed when it’s being sent to your servers. Matt Gemmell discusses this in a blog post from this past Sunday. Path got itself into this mess partly because it was sending and storing the data in plaintext. It’s the third-part app developer’s responsibility to hash user, not the platform’s responsibility (check out the Ars Technica quote from My Recipe Book and Simplegram app developer David Smith: “Hashing the user data would prevent much of this, but that could only really be done by third-party developers… if Apple did it then there wouldn’t be nearly as much utility provided to developers that the current address book APIs provide”).