Twitter stores full iPhone contact list for 18 months, after scan

By David Sarno

Feb. 14, 2012 12 AM PT

Updated with clarification from Twitter see below.

Twitter Inc. has acknowledged that after mobile users tap the “Find friends” feature on its smartphone app, the company downloads users’ entire address book, including email addresses and phone numbers, and keeps the data on its servers for 18 months. The company also said it plans to update its apps to clarify that user contacts are being transmitted and stored.

The company’s current privacy policy does not explicitly disclose that Twitter downloads and stores user address books.

It does say that Twitter users “may customize your account with information such as a cellphone number for the delivery of SMS messages or your address book so that we can help you find Twitter users you know.”

As with many online social services, Twitter allows users to look for friends that are also registered users. In the case of Twitter’s iPhone app, users see a screen noting that the service will “Scan your Contacts for people you already know on Twitter.” The short description of the feature does not mention that it also downloads every entry in the address book and stores it.

Twitter’s current privacy policy notes that some categories of “Log Data” are stored for up to 18 months.

“Log Data may include information such as your IP address, browser type, the referring domain, pages visited, your mobile carrier, device and application IDs, and search terms,” the policy says. “Other actions, such as interactions with our website, applications and advertisements, may also be included in Log Data.”

In response to questions about the process, Twitter spokeswoman Carolyn Penner said the company is planning an update to the language they use in the mobile app.

“We want to be clear and transparent in our communications with users,” Penner wrote in an email. “Along those lines, in our next app updates, which are coming soon, we are updating the language associated with Find Friends -- to be more explicit. In place of ‘Scan your contacts,’ we will use “Upload your contacts” and “Import your contacts” (in Twitter for iPhone and Twitter for Android, respectively).

Penner also noted that Twitter users can have the service remove their contact databases using the “remove” link on this Twitter webpage.

The disclosure from Twitter comes after another online social service, Path, came under fire last week for automatically downloading iPhone users’ address books without permission. The chief executive of Path, Dave Morin, apologized for the automatic download and said Path would correct it, but also mentioned that such processes were “industry best practice.”

Updated February 15th, 12:51 p.m. Twitter has clarified that it does not store names from address books, only email addreses and phone numbers. The company initially told the Times that names were among the types of data it gathered from users’mobile contacts lists.

When users activate the service’s “Find friends” feature, “the email addresses and phone numbers in your address book will be shared with Twitter,” wrote Carolyn Penner, Twitter’s spokesperson. “Later, if one of your contacts signs up for Twitter with one of those email addresses and chooses to be discoverable by the address, we can connect you two.”

Apple’s Tim Cook hints at something ‘larger’ in firm’s TV arsenal

Former Facebook exec Dave Morin rejects $100-million buyout offer from Google