It is being reported by New York Times, that there is another loophole which developers can take advantage of to gain access to your Photos Library without you ever knowing. The news grows upon previous reports in which an application called Path was uploading contacts from the Contacts.app without user consent.
“As it turns out, address books are not the only things up for grabs. Photos are also vulnerable. After a user allows an application on an iPhone, iPad or iPod Touch to have access to location information, the app can copy the user’s entire photo library, without any further notification or warning, according to app developers.
It is unclear whether any apps in Apple’s App Store are actually doing this. Apple says it screens all apps submitted to the store, and presumably it would not authorize an app that clearly copied a person’s photos without good reason. But copying address book data was also against Apple’s rules, and the company let through a number of popular apps that did so.”
Up until now there has been no real proof-of-concept behind developers actually being able to access your Photo Library through this proposed loophole.
New York Times has asked a developer (who has requested not to be named due to his association with a major company) however, to write a “test” program to actually show this loophole in action. The program they created was called PhotoSpy. When the app is installed on an iOS device for testing, it asks the user if it can access their location. After that has successfully been granted by the user, it starts uploading all photos and their location data to a remote server.
App developer David E. Chen, Curio’s Co-Founder explained:
“Conceivably, an app with access to location data could put together a history of where the user has been based on photo location. The location history, as well as your photos and videos, could be uploaded to a server. Once the data is off of the iOS device, Apple has virtually no ability to monitor or limit its use.”
What do you think of this discovery? Share your thoughts about it in the comments.
[Written by Khairul Akmal]
I believe Facebook has been doing this for marketing purposes (on android and iOS)