iOS loophole lets developers access all your photos

Apple may soon have to fight the flames of another privacy-related controversy, this time involving a loophole in their iOS apps that allows developers access to users' photos. There's already been controversy over iOS apps accessing users' address books without permission, but now it appears the situation is actually much worse. The apps can also secretly access users' photos and upload them to a remote server once users allow apps permission to their location information.

According to a NYT report, after a user allows an iOS app on an iPhone, iPad, or iPod touch to have access to location information, the app can upload the user's entire photo library without further notification or warning. Generally, the first time an app asks for permission to access location data, it will also note that location information in photos and videos will also become accessible.

"Conceivably, an app with access to location data could put together a history of where the user has been based on photo location," said David E. Chen, co-founder of Curio, a company that develops iOS apps. "The location history, as well as your photos and videos, could be uploaded to a server. Once the data is off of the iOS device, Apple has virtually no ability to monitor or limit its use."

This capability was introduced in 2010 with the fourth version of iOS and developers have known its existence but have generally assumed that an app abusing the access would not make it through the screening process. It's not clear whether any current apps actually upload users' photos in this manner and you would think that if there were, they wouldn't make it through to the App Store. However, apps also aren't supposed be uploading users' address book information, and popular app Path, was recently found to be doing just that.

[via Cult of Mac]