iOS Security Loophole Allows Apps To Access Photos On Device
A potential new privacy loophole has been discovered in the way iOS handles the Camera Roll and how apps are granted permission to interact with it. Unsurprisingly, the pitchforks are out all over again.
We’ve had nothing but security and privacy worries of late, especially if we happen to use an iOS device which given Apple’s latest sales figures, amounts to more than a few. In fact, the chances are that if you’re reading this then you own an iOS device. Or at least, have in the past.
The latest privacy scaremongering comes after it was revealed that apps could potentially, should someone really, really want to, take a user’s Contacts details and in theory, do what they want with them. It needs an unscrupulous app developer, and then for the app to get through Apple’s App Store testing, but it’s possible. Path was the unfortunate recipient of much internet ire recently, and it won’t be the last.
Now it seems that people’s photos may potentially be giving their locations away, too, and apps don’t need to have been granted specific access to said photos in order for such a data leak to occur.
See, once a user grants an iOS app access to their location, said app immediately has access to their Camera Roll, too. Should the app’s developers desire, it is then possible for all a user’s photos and videos to be uploaded somewhere, ready for their geolocation data to be scraped. That data could then be used for all kinds of things, many of which will have the tinfoil hat brigade shaking in a corner, possibly rocking back and forth.
The discovery comes courtesy of David E. Chen, co-founder of app developer Curio.
“Conceivably, an app with access to location data could put together a history of where the user has been based on photo location, the location history, as well as your photos and videos, could be uploaded to a server. Once the data is off of the iOS device, Apple has virtually no ability to monitor or limit its use.”
Now it’s already clear that this is indeed something of a loophole, but it is something that we are a little surprised that people didn’t realize was possible before. It’s becoming more and more difficult to avoid turning this here post into a rant about "over-privacy," especially when the people who are no doubt going to complain about such a potential leak of location data are probably checking into Foursquare and Facebook at every turn.
That said, maybe our lives are just boring and we assume nobody cares what we’re up to!