A lawsuit filed against San Francisco-based Hipster claims that the popular mobile app company downloaded address books, passwords and other sensitive material for use by third parties without the knowledge or consent of users.

The suit, which was filed in U.S. District Court for the Northern District of California on behalf of three Texas residents, seeks class-action status. It claims the Hipster application drained battery life and tied up bandwidth while scooping up their personal data, and cost money to have removed.

The plaintiffs also claim that “highly sensitive personal information, revealing contact address data for professional treatment involving sexuality, mental illness, alcoholism, incest, rape and domestic violence” was copied from their devices. The suit is based on information revealed early last year.

Hipster debuted in 2011 and made its mark as an application by creating digital postcards for photo-sharing. The company was bought by AOL in March 2012, a month after Hipster’s errant behavior was revealed to the public by a tech blogger. Doug Ludlow, who was Hipster CEO at the time, apologized profusely (“We blew it, we’re sorry”) and the company changed the automatic downloads to a voluntary opt-in by users.

But that didn’t short-circuit lawsuits. Hipster was included a suit filed last year in U.S. District Court in Austin, Texas, by 13 individuals  against 18 mobile app makers for surreptitiously downloading address book information from wireless users. The suit, which also seeks class-action status, included Apple, Twitter, Facebook, Yelp, Instagram and Foursquare Labs.

The plaintiffs’ suit opens with a quote, “Don’t take things that aren’t yours,” from Robert Fulghum’s book, All I Really Need To Know I Learned In Kindergarten, and then proceeds to assert that, “Literally billions of contacts from the address books of tens of millions of unsuspecting wireless mobile device owners have now been accessed and stolen.”

Government has been slow to address the issue. California Attorney General Kamala Harris issued privacy guidelines last month for mobile app developers. And on Friday, the Federal Trade Commission (FTC) approved privacy protection guidelines for mobile apps that include a do-not-track feature. But neither set of guidelines are more than recommendations.     

The ongoing brouhaha over tech companies downloading personal information from wireless users kicked off in February 2012 when the social networking service Path was discovered downloading address books. The immediate response from Path CEO Dave Morin was that it was a feature, not a bug, meant “to help the user find and connect to their friends and family on Path quickly and efficiently as well as to notify them when friends and family join Path.”

Morin’s mea culpa followed shortly thereafter. His argument has not been tested in court.

–Ken Broder

To Learn More:

Hipster App Steals Passwords, Class Claims (by Chris Marshall, Courthouse News Service)

Hipster Sued for Address-Book Uploads (by Wendy Davis, Online Media Daily)

Aol Snaps Up Hyper-Local Photosharing App Hipster (by Alexia Tsotsis, TechCrunch)

Apple, Facebook, Path, Twitter, Others Face Class Action Lawsuit (by Emil Protalinski, ZD Net)

F.T.C. Suggests Privacy Guidelines for Mobile Apps (by Edward Wyatt, New York Times)