It was just about a two weeks ago when we were discussing Apple’s last mini-scandal over app permissions and user privacy, when it we learned that apps were gaining access to the contact books of users, despite not formally requesting any permission to do so. The ire wasn’t so much with the developers creating these apps, but at Apple for approving them for sale despite such behavior. Apple did some quick damage control, and ultimately announced that it would require apps to now specifically ask your OK before getting access to your contacts. Today we learn of another permission-related issue that will likely be causing Apple some new headaches.
The issue at hand today relates to your personal photo library. Apps can get access to your photos, but they’re supposed to have to request permission first. The problem, as is coming to light, is that it’s not always clear the extent of access you’re granting them. The problem arises when an app requests access to location data; it doesn’t just get your current GPS readings, but can look at the saved location data tagged to photos in your library. As it turns out, there’s no barrier between “being able to read location info from photo metadata” and “having full access to all your pics”, so any app you’ve granted location permissions to also has full view of your photo library.
We haven’t heard of any apps using this photo access to any malicious ends, but the problem is that the vulnerability exists, not whether or not it’s been exploited yet. Supposedly, developers have been aware of this situation for ages, but nothing’s been done about it. With the publicity the issue’s getting today, you can bet that Apple will finally have to do something about it.