On the same day as the social and photo-sharing app Path agreed to an $800,000 settlement with the Federal Trade Commission over its surreptitious uploading of users' contacts without their knowledge last year, a security researcher discovered a "backdoor" way of obtaining the same data by reading the EXIF location embedded in digital photos even if "location sharing" is explicitly turned off. Path says it was previously unaware of the issue and has already updated its iOS app to close the loophole.
