Apple Loophole Gives Developers Access to Photos

Excerpt from an article in

The New York Times

Wednesday, February 29, 2012

Apple Loophole Gives Developers Access to Photos

By NICK BILTON

SAN FRANCISCO - The private photos on your phone may not be as private as you think.

Developers of applications for Apple's mobile devices, along with Apple itself, came under scrutiny this month after reports that some apps were taking people's address book information without their knowledge.

As it turns out, address books are not the only things up for grabs. Photos are also vulnerable. After a user allows an application on an iPhone, iPad or iPod Touch to have access to location information, the app can copy the user's entire photo library, without any further notification or warning, according to app developers.

It is unclear whether any apps in Apple's App Store are illicitly copying user photos. Although Apple's rules do not specifically forbid photo copying, Apple says it screens all apps submitted to the store, a process that should catch nefarious behavior on the part of developers. But copying address book data was against Apple's rules, and the company approved many popular apps that collected that information.

Apple did not respond to a request for comment.

The first time an application wants to use location data, for mapping or any other purpose, Apple's devices ask the user for permission, noting in a pop-up message that approval "allows access to location information in photos and videos." When the devices save photo and video files, they typically include the coordinates of the place they were taken - creating another potential risk.

"Conceivably, an app with access to location data could put together a history of where the user has been based on photo location," said David E. Chen, co-founder of Curio, a company that develops apps for iOS, Apple's mobile operating system. "The location history, as well as your photos and videos, could be uploaded to a server. Once the data is off of the iOS device, Apple has virtually no ability to monitor or limit its use."