This wouldn't be the first time Path's beamed your contact information to its servers for the purposes of promotion: Dave Morin, the app's creator, issued a public apology and paid an $800k fine over privacy screw-ups.
Now it seems like it's happening again:
When I rolled out of bed this morning the first I knew about what had happened was when my dad told me he’d received two text messages (one on his mobile, one on his work phone – neither of which are smartphones) about some pictures I wanted to share with him. While telling him that I’m not exactly sure what he was talking about my house phone rang – my mum uttered the usual exclamation of: “who could be ringing at this time?” as I answered.
Having uninstalled the app yesterday when I decided it wasn’t for me, I’m going to go ahead and assume that Path took this data out of my phonebook sometime during the half hour I had it installed.
When I was asked about inviting people to Path as I installed the app I said no, and without entering much in the way of personal information Path decided to text my entire phone book for me the day AFTER I uninstalled it from my Android.
Emphasis added. After complaining to Path via Twitter, the company has finally replied: