
MacRumors

macrumors bot
Original poster
Apr 12, 2001
63,442
30,645



Earlier this month, privacy issues related to the uploading of users' address books to developers' servers were cast into the limelight as Congress requested details from Apple on how private information is handled and protected. While Apple quickly responded to note that it would be addressing the issue by requiring explicit permission to be granted by users for apps to access their address book data, it has been a relatively open secret for some time that developers can gain access to a broad array of what might be considered private information, including photos, calendars, and other content.

The New York Times today is taking a closer look at the topic of photos and videos, noting how easy it is for developers to quietly gain access to such content when given permission to collect location information.
After a user allows an application on an iPhone, iPad or iPod Touch to have access to location information, the app can copy the user's entire photo library, without any further notification or warning, according to app developers.

It is unclear whether any apps in Apple's App Store are actually doing this. Apple says it screens all apps submitted to the store, and presumably it would not authorize an app that clearly copied a person's photos without good reason. But copying address book data was also against Apple's rules, and the company let through a number of popular apps that did so.
[Image: photospy.jpg]



The New York Times tested this behavior by commissioning an iOS developer to write a simple test application dubbed "PhotoSpy" that demonstrates how a simple pop-up requesting permission to access location information can actually lead to broad access to all photos and videos in a user's photo library on the device.
When the "PhotoSpy" app was started up, it asked for access to location data. Once this was granted, it began siphoning photos and their location data to a remote server. (The app was not submitted to the App Store.)
Apple and other mobile app distributors recently signed on to a new agreement with the California Attorney General's office that will see the companies making it easier for users to examine privacy policies associated with apps before they download them. And with pressure mounting on Apple to take further steps to ensure that apps can access only information explicitly permitted by users, many are undoubtedly hoping that more changes are coming in the relatively near future.

Update: The Verge reports that "sources familiar with the situation" have indicated the photo and video access is a bug and that a fix is in the works.
We spoke to sources familiar with the situation, and were informed that a fix is most likely coming for the loophole. According to the people we talked to, Apple has been made aware of the issue and is likely planning a fix with an upcoming release of iOS. Those sources also confirmed that the ability to send your photos and videos to a third-party is an error, not an intended feature. If we had to guess, the fix will likely come alongside a patch for Apple's other recent security issue -- the ability for apps to upload your address book information without warning.

Article Link: iOS Photo and Video Privacy Issues Highlighted with New Test Application
 

dethmaShine

macrumors 68000
Apr 13, 2010
1,697
0
Into the lungs of Hell
This has been verified by a number of people on the forums.

- contacts
- calendars
- photos
- videos

Nothing new. Although, highly severe and critical.

Apple made a mess out of them. They should have treated this data, the way they treat locations in general. Too lenient.
 

pmz

macrumors 68000
Nov 18, 2009
1,949
0
NJ
So, NYT, just to be sure:

1. You asked the user for permission (although not explicitly for what you did).

2. You did not submit this to the App Store (aka, have no idea whether it would have been approved)

Gotcha. Thanks, but you couldn't have put together a more irrelevant example of an App Store App that takes data without permission.
 

neiltc13

macrumors 68040
May 27, 2006
3,126
19
Seems the walled garden has a massive gate in it and the user can be tricked into opening it.

As usual, Apple is taking a long time to fix critical issues with its software. Remember the month iOS users had to wait for DigiNotar certificates to be disabled last year?
 

Mad-B-One

macrumors 6502a
Jun 24, 2011
789
5
San Antonio, Texas
Considering that the AppStore makes reviews...

What happens if you jailbroke your phone? Now, Apps don't even get tested if they use loopholes like this. One more reason for me to stay inside the AppStore environment. At least I could sue Apple if their software allowed for it and despite their review of Apps they still break into my libraries.

I fully understand that the loophole needs to be closed regardless. And I assume that this is not the only one. Probably browsing history, documents and others are accessible without asking for proper permission somehow. I know, I assume a lot here, but since this is already the second major workaround the users' proper permission, I am probably not too far off.

Edit:
I hope they integrate something like a rights library which defines categories of data, each prompting a different permission pop-up box so that Apps still work. The opposite, the pure sandbox where Apps can only access their own data, would be horrible. The user just has to be aware what which App is allowed to do and has to have control of it.
 

macrumorsuser10

macrumors 6502
Nov 18, 2010
359
445
This is a rare area where Android actually does a better job. The developer of each app must state in the packaged manifest file the access permissions to physical hardware (e.g. GPS, microphone) and services (e.g. file system) that the app uses. These requirements are then shown explicitly in the Android marketplace before the user downloads the app. In iOS, there is a plist for developers to state access requirements, but until now, they are not shown in the App Store.
 
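Added example (not part of the original post, and not code from Android or any app): a small Python review of the manifest permission declarations described above, flagging an app that declares both personal-data access and network access. The sample manifest, the package name and the `SENSITIVE` grouping are constructed for illustration, and the manifest is assumed to be already decoded to text XML.

```python
import xml.etree.ElementTree as ET

# Attributes in AndroidManifest.xml live in the "android" XML namespace.
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed sample manifest, not taken from any real app.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.filemanager">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
    <uses-permission android:name="android.permission.VIBRATE"/>
    <application android:label="File Manager"/>
</manifest>
"""

# Illustrative grouping of permissions by the personal data they expose.
SENSITIVE = {
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.ACCESS_COARSE_LOCATION": "location",
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_CALENDAR": "calendar",
    "android.permission.READ_EXTERNAL_STORAGE": "files/photos",
    "android.permission.WRITE_EXTERNAL_STORAGE": "files/photos",
    "android.permission.RECORD_AUDIO": "microphone",
    "android.permission.CAMERA": "camera",
}
NETWORK = "android.permission.INTERNET"


def declared_permissions(manifest_xml):
    """Return the permission names declared via <uses-permission>."""
    root = ET.fromstring(manifest_xml.strip())
    names = []
    for element in root.iter("uses-permission"):
        name = element.get(ANDROID_NS + "name")
        if name:
            names.append(name)
    return names


def review(manifest_xml):
    """Summarise what data an app can reach and whether it can send it out."""
    perms = declared_permissions(manifest_xml)
    categories = sorted({SENSITIVE[p] for p in perms if p in SENSITIVE})
    can_upload = NETWORK in perms
    return {
        "permissions": perms,
        "data_categories": categories,
        "can_upload": can_upload,
        # Declarations show capability only; behaviour still needs testing.
        "needs_review": bool(categories) and can_upload,
    }


if __name__ == "__main__":
    for key, value in review(SAMPLE_MANIFEST).items():
        print(key, "=", value)
```

The result describes what the app is able to reach, not what it does with it, which is the gap later replies in this thread argue about.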

newagemac

macrumors 68020
Mar 31, 2010
2,091
23
This is an example of just how much you could be risking downloading an app from a store that doesn't have an approval process in place. If there is an app that hasn't been vetted, you really don't have any type of clue what they might be doing behind the scenes. At least Apple and other curated stores have the ability to know what is actually going on before allowing the app on the market.

I always find it funny when some people who use non curated app stores say "Just make sure you aren't downloading any shady apps." How the heck would you even know? It's not like someone with bad intentions is going to actually try and make their app seem untrustworthy.

The only way you can really be sure what the app is doing is to test it out and/or go through the code. Which is what a curated approach does.
 

BaldiMac

macrumors G3
Jan 24, 2008
8,756
10,885
Where has this cutting edge journalism been for the last couple decades? Every OS I know allows this behavior. Why is it a problem all of a sudden?
 

newagemac

macrumors 68020
Mar 31, 2010
2,091
23
This is a rare area where Android actually does a better job. The developer of each app must state in the packaged manifest file the access permissions to physical hardware (e.g. GPS, microphone) and services (e.g. file system) that the app uses. These requirements are then shown explicitly in the Android marketplace before the user downloads the app. There is no similar equivalent in iOS or the App Store.


The problem with that approach is that it isn't granular enough. And it can't possibly be granular enough to prevent malware and rogue apps. For example, let's say you are looking for a file manager for your Android device. Well, the manifest says the app needs access to the file system. "Ok, that makes sense." Then you download the app and it proceeds to delete every file on your device and replace them with viruses or something.

There is absolutely no way you can defend against that unless you have a curated approach. If it's a file manager, it needs access to your files. Likewise in the NY Times example, if it is a photo editing app, it needs access to your photos. There is no way getting around it. Someone has to actually test the app to know what exactly it will do once it has access to some particular part of your device. That's why Android is a goldmine for malware and privacy invaders.
 

neiltc13

macrumors 68040
May 27, 2006
3,126
19
This is an example of just how much you could be risking downloading an app from a store that doesn't have an approval process in place. If there is an app that hasn't been vetted, you really don't have any type of clue what they might be doing behind the scenes. At least Apple and other curated stores have the ability to know what is actually going on before allowing the app on the market.

I always find it funny when some people who use non curated app stores say "Just make sure you aren't downloading any shady apps." How the heck would you even know? It's not like someone with bad intentions is going to actually try and make their app seem untrustworthy.

The only way you can really be sure what the app is doing is to test it out and/or go through the code. Which is what a curated approach does.

I guess the curation team are allowed to take days off though:

[Image: DSC02361_large_verge_medium_landscape.jpg]
 

Consultant

macrumors G5
Jun 27, 2007
13,314
34
Moot.

On a computer, all programs have access to your personal photo library and can do the same thing for years.
 

Mad-B-One

macrumors 6502a
Jun 24, 2011
789
5
San Antonio, Texas
Seems the walled garden has a massive gate in it and the user can be tricked into opening it.

As usual, Apple is taking a long time to fix critical issues with its software. Remember the month iOS users had to wait for DigiNotar certificates to be disabled last year?

At least iPhones don't come pre-installed with carriers' spyware package where you don't even have an option to say No! I remember when I had a different phone and I called the carrier that a feature was missing after a handset replacement. While I was on the phone, the carrier pushed software on it. Sure, I gave permission but hey - how can I control when they install something I don't want? Any program running in the background could get far more information than I want. As far as I see it, iPhones don't allow for that, do they?
 

Consultant

macrumors G5
Jun 27, 2007
13,314
34
This is a rare area where Android actually does a better job. The developer of each app must state in the packaged manifest file the access permissions to physical hardware (e.g. GPS, microphone) and services (e.g. file system) that the app uses. These requirements are then shown explicitly in the Android marketplace before the user downloads the app. In iOS, there is a plist for developers to state access requirements, but until now, they are not shown in the App Store.

Nope. Android permission can be easily bypassed by Android malware:
http://www.theregister.co.uk/2011/11/30/google_android_security_bug/
 

Mad-B-One

macrumors 6502a
Jun 24, 2011
789
5
San Antonio, Texas
This is a rare area where Android actually does a better job. The developer of each app must state in the packaged manifest file the access permissions to physical hardware (e.g. GPS, microphone) and services (e.g. file system) that the app uses. These requirements are then shown explicitly in the Android marketplace before the user downloads the app. In iOS, there is a plist for developers to state access requirements, but until now, they are not shown in the App Store.

Except that they just bombard you with long text boxes telling you that they want you to allow everything before you even install the program. iOS Apps can be installed without having the rights. This might cripple Apps if you don't allow a service but they still run. Android Apps don't install without agreement. Just read what Pandora for Android wants you to agree to before installing and compare that to the iOS version. Still making your point?
 

jtara

macrumors 68020
Mar 23, 2009
2,008
536
When I first looked at this, I wondered why it even has to request permission for location data.

Well, it does, and that's because photos might contain location information in the metadata.

So, iPhone users can at least be assured that their photos aren't being accessed if the app doesn't ask permission for location data.

This problem has existed since Day 1, and has been ignored by both Apple and millions of users. It goes to show you how easily we trust those who should not be trusted today. I am baffled at the phenomenon.

That the public doesn't care is illustrated by the widespread use of Facebook.

It's going to bite many people. I do think that the public will take an about face over the next couple of years, as the chickens come home to roost. I think the major factor driving this will be the large-scale abandonment of the traditional resume by job-seekers and employers.

Lots of people are going to find that they screwed themselves royally.
 

drummingcraig

macrumors 6502a
Sep 19, 2007
613
6
"Armpit of the South"
I find it intriguing that you're blasting jail breaking when in fact Apple hasn't exactly done a mash-up job concerning privacy issues with their "official" apps.

What happens if you jailbroke your phone? Now, Apps don't even get tested if they use loopholes like this. One more reason for me to stay inside the AppStore environment. At least I could sue Apple if their software allowed for it and despite their review of Apps they still break into my libraries.

I fully understand that the loophole needs to be closed regardless. And I assume that this is not the only one. Probably browsing history, documents and others are accessible without asking for proper permission somehow. I know, I assume a lot here, but since this is already the second major workaround the users' proper permission, I am probably not too far off.

Edit:
I hope they integrate something like a rights library which defines categories of data, each prompting a different permission pop-up box so that Apps still work. The opposite, the pure sandbox where Apps can only access their own data, would be horrible. The user just has to be aware what which App is allowed to do and has to have control of it.
 

Consultant

macrumors G5
Jun 27, 2007
13,314
34
If this is okay on iOS, why do you make such a big deal about the same thing on Android?

Compared to other mobile platforms, iOS gets very rapid updates.

1% of Android users are on the latest 4+ month old version ICS.

Overwhelming majority of iOS devices (iPhone 4S, iPhone 4, iPhone 3GS, iPad 2, iPad, ipod touch 4, iPod touch 3) can update to the latest iOS 5.0.1.
 

ArtOfWarfare

macrumors G3
Nov 26, 2007
9,553
6,053
I was looking into how to develop sandbox compliant apps in Mountain Lion and found that there are actually 20 different things an app potentially has to get permission to do (permission to read contact data is separate from permission to write contact data is separate from permission to read photos is separate from permission to write photos and on and on*). I'm sure Apple has something similar prepared for iOS 6.

*I haven't actually played with this stuff yet. I suspect the way it actually works is just that Apple has to approve of the app making these specific interactions... users will be asked for more general permission, I imagine, something along the lines of, "This app would like to access your photos and contact information. Deny / Allow", rather than 4 separate warnings. Apple makes sure nothing malicious happens. User makes sure their privacy isn't violated.
 

nagromme

macrumors G5
May 2, 2002
12,546
1,196
So, NYT, just to be sure:

1. You asked the user for permission (although not explicitly for what you did).

2. You did not submit this to the App Store (aka, have no idea whether it would have been approved)

Gotcha. Thanks, but you couldn't have put together a more irrelevant example of an App Store App that takes data without permission.

Asking for permission for the wrong thing is a major glitch—it is NOT asking the user for permission in any way that is meaningful to the user. It’s like asking your friend “can I have your french fries?” and then taking his bike. Can you really say, “but I asked permission!”?

And so it needs to be fixed. I know I’m glad to know the possibility exists! The article is very relevant to me, and I’m glad someone went to the effort to track it down and report it.

Whether it “would have” been approved isn’t something we need to know, because it would have been one lone submission, and we’re talking about human process where things slip through sometimes and not other times. Knowing it COULD have been approved is sufficient for alarm.

This needs to be solved on a technical, automatic level—ask for specific, clear permissions, and don’t let the device send out any personal info beyond what the user has opted into. (Maybe ask for BOTH location and photo access, if need be.) This sounds like an easy fix for Apple in an update. It does NOT need to be solved by a subjective, labor-intensive human-enforcement method (app review process) which we know can let things slip. That’s a good process for what it does, but there’s a better solution for things of this nature.

Now, I do wish security researchers would report privately to the vendor first—that’s good practice and protects us better. But I realize this is a publication and not a security firm. Better to find out about this the wrong way than not at all!
 

Mad-B-One

macrumors 6502a
Jun 24, 2011
789
5
San Antonio, Texas
I find it intriguing that you're blasting jail breaking when in fact Apple hasn't exactly done a mash-up job concerning privacy issues with their "official" apps.

You are reading things into it. I wrote that at least I have a legal recourse if I feel that my privacy was violated due to the iOS mechanisms. I stated that nevertheless this is bad, did I?

There is one good reason why a jailbreak makes the system more vulnerable though: These loopholes can be used purposefully and no review will give it a second look. Also, all Apple will tell you is "Told you so! Shouldn't have altered your OS!"

Essentially, it is bad enough that there is the loophole but if you combine that with no oversight, it gets definitely worse!
 

akac

macrumors 6502
Aug 17, 2003
498
128
Colorado
Yes, these are apps. What, do people want to get bombarded by 10 alerts on running an app? No, it's annoying. It's Windows-like.

As for Android nobody reads those permissions lists. Even on ML those permissions are for the Sandbox, not for users though it would be nice to see it listed in the App Store.

I think it's better for the app to list what it does, than for the user to have to press OK 10 times.
 