> You attribute malice to where there probably is none.

No one ever says "I'll be evil". Instead, they come up with ways to justify the evil that they do.

The only reason for giving someone who "meant well" a pass is if it's likely that the bad outcome was fairly unexpected. If, as is usually the case, the bad outcome was likely, they should be held accountable for intending it, just as we do with drunk drivers. No, "meaning well" isn't an excuse for ignoring reality.

Remember, most of the world's horrors are caused by folks who claim that they're trying to do good.

There is no ill goodwill in his assessment. There is no way around it. Path is just like anything other company. They are in business to make money. No different than Google. No different than Facebook. No different than Apple. How they go about making money and the moral choices they make vary greatly. Whether they genuinely thought what they did was wrong or not doesn't make it right. They perfectly well knew what they were doing. Just like management at Sanlu knew what they were doing when they added melamine to the baby milk formula. The decisions were made with the bottom line in mind.

The previous replies do a good job of addressing your post, so I won't repeat what's already been said. The only thing I want to point out is that the in the specification I mentioned in my original post, the requirement was to circumvent the operating system's built-in warning to the user when their contacts were being accessed. Why go through the trouble to do this except to consciously deprive the user of the ability to say no? iOS doesn't have such a warning (and therefore I don't think the current issue is equally as egregious as this), but I think a lot of people are starting to wish it did.

>the more likely truth is that the Path folk genuinely saw nothing wrong with what they were doing

A child would know that this was wrong. It's that simple.