The New York Times reports iOS applications can download photos and videos from iDevices the same way they can download address books. See here a video report from Newsy:
Embedded Video Source by Newsy.com
Transcript by Newsy
BY EVAN THOMAS
ANCHOR CHRISTINA HARTMAN
First, your address book isn’t private. And now — any photos or video you’ve taken on your iPhone or iPad are up for grabs, too. The New York Times is reporting another vulnerability in the way iOS handles app privacy.
If a user lets an application access location data, the app can also grab the user’s entire photo library and dump it to remote servers. Developers said they knew about the ability, but assumed Apple would catch malicious apps at the door. And for what it’s worth, the Times has yet to find any apps in the App Store that download photos this way.
But why do location apps need access to photos in the first place? The Next Web thinks it has something to do with the way iOS assigns location information.
“Ostensibly, an application that requested access to a user’s location is being given access to the photo library due to its use of the geolocation feature, which embeds a location in a photograph. Why this is necessary for all location-based apps is the real question here.”
Business Insider says closely associating location data and photos could be very bad news.
“…once your photos are uploaded to an external server, there’s nothing that can be done to get them back. And if your photos contain location data in them, some creeper could put together a history of where you’ve been.”
On top of that, as ReadWriteWeb points out, lots of people use their iPhones as their go-to cameras nowadays.
“They’re used for photos intended for Facebook and Instagram, but they’re also used to casually photograph family events and, one must presume, much more intimate subject matter.”
Unnamed sources tell The Verge — applications were never meant to be able to vacuum up a user’s media like this. Now that Apple knows about the issue, a fix is probably coming.
“According to the people we talked to, Apple has been made aware of the issue and is likely planning a fix with an upcoming release of iOS. Those sources also confirmed that the ability to send your photos and videos to a third-party is an error, not an intended feature.”
GigaOM says — while Apple’s at it, it should take the opportunity to overhaul its privacy system, starting with notifications that spell out what apps are going to do with users’ data.
“Apple has repeatedly espoused that user privacy is of the utmost importance to the company. At the same time, it likes to balance that with not peppering a user with zillions of pop-up permissions. In cases like this, though, laying out specifically what exactly an app has access to seems like a no-brainer, and entirely welcome.”
There’s not a set date for a fix yet, but The Verge says it will likely be rolled in with a change that prevents apps from grabbing your address book info.
Transcript by Newsy.
(Image source: iPhone Family)