February 28, 2012
Another privacy issue is looming that calls into question Apple’s commitment to protecting the company's iDevice users’ personal data. Today comes word app developers can copy and upload a users’ photo library automatically and without their consent, according to The New York Times. More often than not, the first thing an iDevice owner sees when starting a new app is a message asking for permission for the app to access location information. Unfortunately, by doing so, there is perhaps more being sent to the developer than originally assumed. According to the report, clicking “ok” to the message prompt allows the app itself to copy a user’s entire photo library, without any additional notification or warning. While the “knowledge that this capability exists has been around for some time,” developers always assumed Apple wouldn’t accept apps into the App Store that actually did so. Unfortunately, we’ve been down this road before. Earlier this month, we reported social app Path was uploading address book information without a users' explicit permission, even though it was against Apple’s rules to do so. Soon, it was discovered that Yelp!, Foursquare and Twitter also took contact information without approval. While Apple has said it will correct the address book dilemma with an iOS update, it remains to be seen when the company will address this most recent finding. Allowing developers full access to a user’s photo library isn’t new. In fact, it has been technically possible since the fourth version of iOS arrived in 2010. As such, it was “intended to make photo apps more efficient.” Unfortunately, even app developers are confused as to why Apple would allow such a breach of security. Says John Casanta, owner of iPhone app development studio Tap Tap Tap:
“It’s very strange, because Apple is asking for location permission, but really what it is doing is accessing your entire photo library. The message the user is being presented with is very, very unclear.”David Jacobs, a fellow with the Electronic Privacy Information Center, concurs stating:
“Apple has a tremendous responsibility as the gatekeeper to the App Store and the apps people put on their phone to police the apps. Apple and app makers should be making sure people understand what they are consenting to. It is pretty obvious that they aren’t doing a good enough job of that.”To date, it is unclear whether any apps in the App Store actually upload a users' entire photo library. However, with nearly 600,000 apps calling the App Store home, it is conceivable that a few are doing so, because they can do so. Hopefully, Apple will address this latest privacy issue. Until they do, iDevice customers should be aware that this photo library breach exists and act accordingly. Any thoughts on this story? Are you worried developers could gain access to your photos without your permission?