Are your mobile apps spying on you?

The controversy over Path, a mobile social networking app that hoovered up its users’ address books without telling them and got spanked for it, has just become a much bigger deal. How much do mobile apps really know about you? More than you might think.

Before getting pummeled on the InterWebs, Path CEO Dave Morin said it was “standard industry practice” for apps to upload data from users’ address books. It turns out he’s right. Some of the most popular mobile apps on the planet — including Facebook, Twitter, Foursquare, Instagram, and Yelp — all do it.

[ Also on InfoWorld: Get the full lowdown on the smartphone privacy problems that started with Path, courtesy of Cringely. | For a humorous take on the tech industry’s shenanigans, subscribe to Robert X. Cringely’s Notes from the Underground newsletter. | Get the latest insight on the tech news that matters from InfoWorld’s Tech Watch blog. ]

But how they do it isn’t standardized at all. Some notify you first and ask permission; some don’t. Some send the data over an encrypted connection; some don’t. Some use the information to suggest friends you might want to connect with and throw it away; some hang on to it for as long as they like. Some encrypt your data on their servers or create a hash and discard the numbers; some store your numbers unprotected in plain text. It’s a total crapshoot.

For example: Facebook uploads your contacts by design; on my phone, my contact list and my Facebook friends list are merged. That’s no big secret, though it can be a little jarring to open your Facebook contacts list and find the cell numbers of all your friends — and some strangers, too. Want to delete your mobile contacts from Facebook? You can use this page. If you have an iPhone, you have to turn off syncing; otherwise, they’ll be reimported.

The L.A. Times reports that if you use the “find friends” feature on Twitter’s iPhone app, the microblogging service hangs onto your entire address book — names, email addresses, phone numbers — for 18 months. Don’t bother looking for that little info nugget in Twitter’s privacy policy; it’s not there. Twitter says it’s updating its mobile apps to be more forthcoming; in the meantime, you can tell it to delete your contacts posthaste.

Want to search for friends on Foursquare? According to VentureBeat, Foursquare also uploads your phone book, but it alerts you to what it’s doing; says, “Don’t worry, it’s sent securely and we don’t store it”; and gives you the option to say nooooo.

Following the Path debacle, Instragram quietly updated its photo sharing app to ask permission before uploading users’ phone books — but not before being caught in the act by The Next Web blog.

Of course, a lot of folks are pointing the finger at Apple for allowing apps to have their way with people’s address books. Not surprisingly, Apple points the finger right back. Company spokeshuman Tom Neumayr released a statement a few minutes ago to AllThingsD:

Apps that collect or transmit a user’s contact data without their prior permission are in violation of our guidelines. We’re working to make this even better for our customers, and as we have done with location services, any app wishing to access contact data will require explicit user approval in a future software release.

Why is this a big deal? Because phone numbers are some of the most personal information available about anyone. They are a semi-permanent unique identification number that also serves as a direct way to reach you at all times. Giving someone else your number means you trust them to not abuse it, call you at 3 a.m. for no reason, or spray paint it on a restroom wall.

But can you trust these Web apps — especially those that grab your numbers without asking — to not abuse it? The answer is that we shouldn’t have to. Maybe now, thanks to the Path debacle, we won’t.

Which nosy apps tick you off, and why? Post the most egregious examples below or email me: cringe@infoworld.com.

This article, “Are your mobile apps spying on you?,” was originally published at InfoWorld.com. Follow the crazy twists and turns of the tech industry with Robert X. Cringely’s Notes from the Field blog, and subscribe to Cringely’s Notes from the Underground newsletter.