Apple

Glitch in iOS apps allows developers access to users' photo libraries

It hasn't been a good month for user privacy in the app world. A glitch in Apple's iOS apps could be exploited to allow app developers access to users' entire photo libraries.

The New York Times reported on a glitch in iOS apps that gives app developers access -- without permission -- to users' photo libraries stored on their phones or other devices:

As it turns out, address books are not the only things up for grabs. Photos are also vulnerable. After a user allows an application on an iPhone, iPad or iPod Touch to have access to location information, the app can copy the user's entire photo library, without any further notification or warning, according to app developers.

When an app first asks a user's permission to use location services, it not only collects that information, but also gains access to the entire photo library -- something that users who think their photos are "private" might want to know. The NYT even had a developer to create a test app called PhotoSpy to confirm that this was actually possible.

When the test app, PhotoSpy, was opened, it asked for access to location data. Once this was granted, it began siphoning photos and their location data to a remote server. (The app was not submitted to the App Store.)

This capability has been known to developers, according to the Times report, but with the assumption that Apple would not allow apps that "inappropriately exploited" this feature into the App Store. That's a lot to assume! The privacy implications are obvious. There was no formal response from Apple about the problem, as of the time of the article, and I haven't been able to find any since then.

After the earlier flap this month about apps such as Path and Instagram actually uploading users' address books to company servers, this serves as a further blow to consumer confidence that the apps they download aren't also able to upload private data from their phones without their knowledge. While the address book uploading actually occurred, it is not known if any current apps have been secretly taking advantage of the loophole in iOS to upload user's photo libraries, but until Apple addresses the issue, you should be aware of the privacy risk.

About

Selena has been at TechRepublic since 2002. She is currently a Senior Editor with a background in technical writing, editing, and research. She edits Data Center, Linux and Open Source, Apple in the Enterprise, The Enterprise Cloud, Web Designer, and...

4 comments
Gisabun
Gisabun

This could open up another can of worms for Apple. Of course we are not surprised of this problem. At least the second issue discovered from Apple products this week.

Gr8Music
Gr8Music

There's thousands of holes in any OS. If you were to test every possible scenario before release, it would never be released. The real problem is those that exploit the hole for devious purposes. Only the evil, like Facebook, would download the photos for the express desire to run facial recognition thru their 800 million member accounts. Don't blame Apple, blame the evil developer.

HAL 9000
HAL 9000

Apparently anyone who questions the Great New World as Expounded by Apple is subhuman and needs to get a life or something along those lines. Col :^0

spawnywhippet
spawnywhippet

Funny how quiet those iFans go when something bad to expressed about their leader's products