Apple Loophole Allows Developers to Access User Photos in iOS


A recent report by the New York Times Bit Blog reveals that a loophole in Apple’s mobile devices allow for developers to access user photos without their knowledge. Before anyone panics, know that it’s not clear if this has happened with any apps yet.

The issue is that when users are asked if they would like to allow an application to use their location information, the app gains access to some of their personal information. One bit of information includes their address book. The other, which the New York Times reports today, is the photo library.

Apple would not likely allow for an app that does this to enter the app store (everything that goes in goes through Apple for verification). However, an app can get away with doing it in secret.

Here’s a portion of the original report:

“Conceivably, an app with access to location data could put together a history of where the user has been based on photo location,” said David E. Chen, co-founder of Curio, a company that develops iOS apps. “The location history, as well as your photos and videos, could be uploaded to a server. Once the data is off of the iOS device, Apple has virtually no ability to monitor or limit its use.”

The report indicates that full access to the user’s photo library became possible with iOS 4. The intent was that it would make legitimate photo applications for iOS more efficient. However, the Times also says that it’s unclear why this permission would be tied to sharing location data.

The Times also reports that they had an unnamed developer create a “PhotoSpy” app to test this:

“When the “PhotoSpy” app was started up, it asked for access to location data. Once this was granted, it began siphoning photos and their location data to a remote server. (The app was not submitted to the App Store.)”

Remember, folks, don’t take dirty pictures with a connected device. That’s all the advice we have.


[Via New York Times]

About 8bitjay

Google + Profile