Report: Apple hole allows apps to syphon user photos
02.03.2012 | 13:50Apple is facing more questions over its apps policies after an investigation revealed users' photos could be harvested by apps with location permissions.
Last month, the iPhone maker came under fire over the way apps were able to grab consumer address books without their consent.
According to a New York Times report, photos are also vulnerable because after users allow an application on an iOS device to have access to location information, the app can copy the user’s photo library, without any further notification or warning.
There's no suggestion that any apps are actively abusing the loophole, but it highlights a weakness. Although the App Store prohibits address book sniffing, it allowed apps into its walled garden that did collect the data, raising concerns that the same pattern could repeat itself.
The report found that applications using location data asked the user for permission stating that approval “allows access to location information in photos and videos”.
“Conceivably, an app with access to location data could put together a history of where the user has been based on photo location,” said David Chen, co-founder of iOS developer Curio.
“The location history, as well as your photos and videos, could be uploaded to a server. Once the data is off of the iOS device, Apple has virtually no ability to monitor or limit its use.”
Apple has not responded to requests for comment, but app developers called for greater clarity.
“It’s very strange, because Apple is asking for location permission, but really what it is doing is accessing your entire photo library,” John Casasanta, owner of development studio Tap Tap Tap, told the Times. “The message the user is being presented with is very, very unclear.”
By Stewart Mitchell
Source PC Pro
The latest news
- 15.10.2014 | 17:56 Malicious worm seeks vulnerable home data stores
- 15.10.2014 | 17:43 Poodle bug less bite than Heartbleed, say experts
- 15.10.2014 | 17:41 'Hurricane Panda' hackers used Microsoft zero-day, CrowdStrike says
- 15.10.2014 | 17:40 YouTube served users malicious advertisements, Trend Micro says
- 15.10.2014 | 17:38 Microsoft to bring Docker to Windows Server
- 15.10.2014 | 17:37 New rules to mitigate IoT threat to mobile networks