iOS 10 Now Requires User Permission to Access Media Library

[MacRumors]

Apple implemented privacy safeguards on iOS long ago so that when an app requests access to your contacts, calendars, photos, or location, a dialog box pops up asking for express user permission. On iOS 9 and previous software versions, however, that safeguard did not extend to a device's media library.

Apple developer Ben Dodson addressed the privacy concern in a blog post in January:

I discovered that there is no privacy prompt when a developer tries to access your library. In fact, they can access all of your music data [...] This process happens completely silently and in my tests I was able to loop through a library of 10,000 songs, put all the metadata in a JSON file, and upload it to a server in under 2 seconds!

Apple acknowledged the issue earlier this year, and it has now introduced a new Cocoa key called NSAppleMusicUsageDescription that developers are required to use in all apps which access the media library on iOS 10 or later. This change ensures that users have to grant express permission for an app to access the music library.

NSAppleMusicUsageDescription (String - iOS). This key lets you describe the reason your app accesses the user's media library. When the system prompts the user to allow access, the value that you provide for this key is displayed as part of the alert.

To protect user privacy, an iOS app linked on or after iOS 10.0, and which accesses the media library, must statically declare the intent to do so. Include the NSAppleMusicUsageDescription key in your app's Info.plist file and provide a purpose string for this key. If your app attempts to access the media library without a corresponding purpose string, your app exits.

The new requirement will prevent third-party developers from being able to access a user's media library and send data on what's included back to a server without user-granted permission. This includes changes to the media library, which could have been analyzed for advertising or tracking purposes.

Apps that have requested access to your media library are listed in Settings > Privacy > Media Library.

Apple previewed iOS 10 on Monday during its WWDC 2016 keynote, and it has seeded the first beta to developers. A public beta will launch in July ahead of an official release in the fall. iOS 10 is compatible with most iOS 9 devices, excluding the iPhone 4s, iPad 2 and 3, original iPad mini, and fifth-generation iPod touch.

(Thanks, Steve Moser!)

Article Link: iOS 10 Now Requires User Permission to Access Media Library

 

[nozebleed]

can confirm, audible app requested access to music this morning.....although i cant figure out what for

 

[H2SO4]

Not being funny, but what kind of metadata is contained within/linked to a song that would bother me if it was uploaded to somebody elses server?

 

[Shirasaki]

This all of a sudden change "breaks" Marvis at the first place.
I thought this was not iOS fault.
Anyway, lift restriction, allow access, and I am happy again.
(I can see what I am typing through keyboard suggestions easily)

 

[keysofanxiety]

Not being funny, but what kind of metadata is contained within/linked to a song that would bother me if it was uploaded to somebody elses server?

Good point. However that would also beg the question why they would need to do it in the first place. So whether or not it's malicious, it's good to know that they can't access it without prompting.

 

[dvkid]

Not being funny, but what kind of metadata is contained within/linked to a song that would bother me if it was uploaded to somebody elses server?

The most worrisome use for this was the ability to perform a comparison on someones music library and use it as sort of a digital fingerprint to track you across apps in the same way the UDID used to.

For example, if two different apps see the exact same music library on two devices they can reasonably assume that's the same person because of how many points of comparison the music library provides.

 

[H2SO4]

The most worrisome use for this was the ability to perform a comparison on someones music library and use it as sort of a digital fingerprint to track you across apps in the same way the UDID used to.

For example, if two different apps see the exact same music library on two devices they can reasonably assume that's the same person because of how many points of comparison the music library provides.

Ah, Ok. I see. Thanks.

 

[ArtOfWarfare]

Not being funny, but what kind of metadata is contained within/linked to a song that would bother me if it was uploaded to somebody elses server?

It's just a way for an app to learn things about you that maybe you don't want to share.

 

[H2SO4]

It's just a way for an app to learn things about you that maybe you don't want to share.

Yes, but my point was. Like what? dvkid has made a suggestion but that aside can you see any others?
Sooner or later we’re going to start seeing supermarket loyalty cards being made illegal at this rate.

 

[2457248]

good, but still, i believe the majority of people just allow everything on each app because they don't care/bother to read the prompts, and they aren't aware of how these privacy breach can possibly do harm.

 

[Zirel]

Not being funny, but what kind of metadata is contained within/linked to a song that would bother me if it was uploaded to somebody elses server?

The music you listen to is a bit indicator of your personality.
[doublepost=1466002935][/doublepost]

good, but still, i believe the majority of people just allow everything on each app because they don't care/bother to read the prompts, and they aren't aware of how these privacy breach can possibly do harm.

Lowest common denominator is the lowest.

Not everyone is dumb.

 

[69Mustang]

I can see it now... since everyone is still on 9, there's some crazy dev(s) out there just accessing and uploading as much info as they can. Not that they can do much with it, but still.

 

[Jimmy James]

Yes, but my point was. Like what? dvkid has made a suggestion but that aside can you see any others?
Sooner or later we’re going to start seeing supermarket loyalty cards being made illegal at this rate.

And they should be made illegal if they somehow allow unauthorized access to data on my handheld computing device.

 

[T-Will]

I seriously love Apple's dedication to privacy.

 

[canesalato]

=) good old times

 

[2457282]

I laughed when I saw the name of the key. Please note that the first three letters say "NSA". Maybe a coincidence, but also maybe a not too subtle statement.






BTW- yes, i went to the COCOA page and there are several others keys that start the same way. But I still find it funny.

 

[JaJaWa]

There was me thinking Spotify were spying on their competitors!

 

[jozero]

This is a positive for the user, but Apple wiped out *all* access to media with this fix in iOS9.3. For example previously an app developer could get the titles of iTunes movies and tv shows, music, and podcasts. When they fixed it they basically made the iOS API call return nothing with zero warning.

It essentially destroyed months of work I did on an App I was building. I've sent it in various requests to Apple Dev Forums and Developer Access with zero reply.

I *agree* with the need for the user prompt. All Apple has done though is bring back the music access with a user prompt (as it should be). As far as I can tell in iOS10 the access still doesn't extend past music access.

I'm not asking for pity. Just wanted to say these unilateral closed lip decisions made by apple do have collateral damage.

 

[akadafni]

The music you listen to is a bit indicator of your personality.
[doublepost=1466002935][/doublepost]

Lowest common denominator is the lowest.

Not everyone is dumb.

Personality indicator?

I've got Sinatra, Johnny Cash, N.W.A, Prince, Mumford & Sons, Aerosmith

What does that say about me?

 

[Carlanga]

Not being funny, but what kind of metadata is contained within/linked to a song that would bother me if it was uploaded to somebody elses server?

what you like to hear, so ads can be directed to the same type of music, same thing as other searches.


I hope the ad bubble bursts tbh.
[doublepost=1466025090][/doublepost]

Personality indicator?

I've got Sinatra, Johnny Cash, N.W.A, Prince, Mumford & Sons, Aerosmith

What does that say about me?

You are a stickler for older music, nothing new really interest you so techno and other things are out maybe pop. You like classics of genres so you might be a good candidate for a greatest hit ad. So they go and show you an ad for a GH johnny cash or an ad about harmonicas w a small part of a song you like, then clothing styles since you like to stay behind and listen to most hits then an ad for a classic style clothing line w some small sinatra playing in the background maybe from brooks brothers etc etc...

 

[SmallDane]

Not being funny, but what kind of metadata is contained within/linked to a song that would bother me if it was uploaded to somebody elses server?

It's not data within the songs as such. It's the list of songs themselves. Music can indeed reveal a lot about you. You can potentially infer political orientation, sexual orientation, current or past emotional status, and probably lots of other things. Maybe these inferences will not be 100% accurate or even always useful. But I can certainly think of situations where I would not want somebody to know exactly what I am listening to. Remember, once it has been uploaded to some third party, you have lost control completely over that data forever.

Sooner or later we’re going to start seeing supermarket loyalty cards being made illegal at this rate.

Nothing is being made illegal here. Apple is simply giving you an option to better control who sees your personal data. If it doesn't bother you that others might see it, just give the permission. I suspect most people will do that reflectively.

 

[AZhappyjack]

It's not data within the songs as such. It's the list of songs themselves. Music can indeed reveal a lot about you. You can potentially infer political orientation, sexual orientation, current or past emotional status, and probably lots of other things. Maybe these inferences will not be 100% accurate or even always useful. But I can certainly think of situations where I would not want somebody to know exactly what I am listening to. Remember, once it has been uploaded to some third party, you have lost control completely over that data forever.



Nothing is being made illegal here. Apple is simply giving you an option to better control who sees your personal data. If it doesn't bother you that others might see it, just give the permission. I suspect most people will do that reflectively.

Well stated. For a moment, I feared that common sense had left the building.

If it may matter to you, then analyze and decide. If it doesn't, just whack the 'agree' option and move on. everything needn't be melodramatic.

 

[akadafni]

what you like to hear, so ads can be directed to the same type of music, same thing as other searches.


I hope the ad bubble bursts tbh.
[doublepost=1466025090][/doublepost]
You are a stickler for older music, nothing new really interest you so techno and other things are out maybe pop. You like classics of genres so you might be a good candidate for a greatest hit ad. So they go and show you an ad for a GH johnny cash or an ad about harmonicas w a small part of a song you like, then clothing styles since you like to stay behind and listen to most hits then an ad for a classic style clothing line w some small sinatra playing in the background maybe from brooks brothers etc etc...

False. I've also got Adele, Muse, Usher, Maroon 5, Gary Clark Jr.

 

[SmallDane]

False. I've also got Adele, Muse, Usher, Maroon 5, Gary Clark Jr.

And the program with access to your music library would obviously know that as well even though you chose not to reveal it in this thread. That doesn't make his answer false.

 

[Carlanga]

False. I've also got Adele, Muse, Usher, Maroon 5, Gary Clark Jr.

It's not false. I based it on what you said you listen. You deliberately removed your pop. It's not my fault. If I had access to your music data then this would not be an issue.