The New York Times is out with a story Tuesday that says a “loophole” in Apple’s mobile software allows developers of iOS apps to upload a user’s photo library without specific permission to do so.
According to the story, when a user grants a downloaded app permission to use the device’s current location, the app gains access not just to location but also to the photo library. The Times had a developer create an app called PhotoSpy to test this theory, and it reportedly worked: the app could upload the user’s photos, which had been geotagged, giving the app information about where and when the photos were taken:
When the “PhotoSpy” app was started up, it asked for access to location data. Once this was granted, it began siphoning photos and their location data to a remote server. (The app was not submitted to the App Store.)
Sound familiar? Apple came under fire earlier this month when it was revealed that apps like Path, Instagram, WhatsApp and others were uploading users’ address books to their companies’ servers, and that Apple had never placed a formal restriction or set a required permission for this.
The big difference here, however, is that while apps were actually caught uploading users’ address books to remote servers without users’ knowledge, there have been no confirmed cases of apps that are currently for sale in the App Store uploading users’ photo libraries.
The blog 9to5Mac noted earlier that it’s not just photos and addresses: apps approved for sale in the App Store could also gain access to movies, calendars and music data without explicit permission from the person who downloaded the app.
Many people would probably be uncomfortable knowing that their photos could be sucked up to an app developer’s server without granting specific permission. Apple acts as a watchdog to keep untrustworthy or insecure apps out of its store, but it hasn’t demonstrated the ability to do this with 100 percent accuracy — and it would be unrealistic to expect as much, considering the sheer volume of apps that go through the approval process. So why not spell out these things directly and let users be aware of what is happening on their device, or at least what could potentially happen?
Apple has repeatedly said that user privacy is of the utmost importance to the company. At the same time, it likes to balance that with not peppering a user with zillions of pop-up permissions. In cases like this, though, laying out exactly what an app has access to seems like a no-brainer, and entirely welcome.
Apple did not immediately respond to a request for comment.