NYT: App Store Loophole Gives Developers Access to User Photos
Posted 02/29/2012 at 6:53am | by J.R. Bookwalter
Now that the firestorm over the Path app downloading a user’s entire address book appears to have subsided, it’s only natural that Apple would be put back in the crosshairs with another privacy gaffe -- and this time, one that gives developers access to your photos.
The New York Times is reporting that your iOS device photos are vulnerable to unscrupulous developers, thanks to a vulnerability in Apple’s location permissions. According to app developers interviewed for the story, once a user has given an app on an iPhone, iPod touch or iPad permission to access the location information stored in their photos, that particular app is free to “copy the user’s entire photo library, without any further notification or warning.”
Before panic sets in or frogs start raining from the sky, keep in mind that such access allows for uploading photos to a service in the first place -- such as Facebook or photo services like Flickr or Shutterfly. And this is nothing new: The location permission feature dates back to iOS 4 in 2010.
“Conceivably, an app with access to location data could put together a history of where the user has been based on photo location,” said David E. Chen, co-founder of iOS developer Curio. “The location history, as well as your photos and videos, could be uploaded to a server. Once the data is off of the iOS device, Apple has virtually no ability to monitor or limit its use.”
To prove the vulnerability exists, The Times commissioned an unnamed app developer to create a test application known as PhotoSpy, strictly to see what the location permission was capable of giving up. The app -- which was never submitted to the App Store -- “began siphoning photos and their location data to a remote server” as soon as permission was granted.
“It’s very strange, because Apple is asking for location permission, but really what it is doing is accessing your entire photo library,” said John Casasanta, owner of Tap Tap Tap, creators of the popular Camera+ app. “The message the user is being presented with is very, very unclear.”
While Apple remains mum on the subject since the report was published on Tuesday, “sources familiar with the situation” who spoke to website The Verge claim that a fix is “most likely coming” to plug this loophole -- so there’s no need to go deleting all those photo apps off your iOS device quite yet.