iOS Photo and Video Privacy Issues Highlighted with New Test Application

[nagromme]

I think it’s fine for there to be no specific photo-permission required when you’re going to your photo library (by hand, knowing you’re doing so) and choosing exactly which image(s) you’re willing to share with the app. That’s how every image app I’ve used works, and there’s no need to complicate that.

I had no idea there even WAS any other way for apps to get to my photos. Since there is, it needs to require permission!

It seems highly likely that a future iOS version will have a very thorough permissions system in place; maybe even already done, although not in our hands. It should have been thought of sooner, but a mistake was made. Hindsight is 20/20.

Seems the walled garden has a massive gate in it and the user can be tricked into opening it.

As usual, Apple is taking a long time to fix critical issues with its software. Remember the month iOS users had to wait for DigiNotar certificates to be disabled last year?

Fixes need testing, or a whole complex domino effect can be worse than the original problem. What seems simple may not be to the insiders actually doing the programming. I wish Apple was faster, but they’re still faster than many! Sometimes very, very fast—not always.

But in this case, the story is only a few minutes old so I’m not complaining about their response time just yet

Yes, these are apps. What, do people want to get bombarded by 10 alerts on running an app? No, its annoying. Its Windows like.

As for Android nobody reads those permissions lists. Even on ML those permissions are for the Sandbox, not for users though it would be nice to see it listed in the App Store.

I think its better for the app to list what it does, than for the user to have to press OK 10 times.

This would only be ONE added permission tap, the first time you launch an app—and only certain apps. If multiple things are needed, they could even be asked for in a single popup. And this would be rare, ONLY for apps that need it: few apps need to access your entire photo library at once, so very few would offer the extra permission alert.

A solution where users have to read something that’s really optional (like part of the app download screen) isn’t going to protect people. Just not practical. Luckily, very simple and practical solutions exist—in fact, Apple uses them, just not everywhere they need to.

 

[drummingcraig]

You are readig things into it. I wrote that at least I have a legal recourse if I feel that my privacy was violated due to the iOS mechanisms. I stated that nevertheless this is bad, did I?

There is one good reason why a jailbreak makes the system more vulnerable though: These loopholes can be used purposefully and no review will give it a second look. Also, all Apple will tell you is "Told you so! Shouldn't have altered your OS!"

Essentially, it is bad enought that there is the loophole but if you combine that with no oversight, it gets definitely worse!

I understand and I agree with you. But things do slip thru Apple's "defenses" from time to time and barring a major/massive privacy slip-up I don't see anyone having much recourse. At least within the JB'ing community there are a lot of devs who look out for their users & customers. Yes, it can be a bit of the wild west out there but so long as you deal with reputable sources and use some common sense you should be OK.

 

[Amazing Iceman]

What's the big deal about this???

This message comes app for any app you run that requires access to your Photos.
If you don't trust the app, just "Don't Allow" it!

It's not like the app is accessing your photos and location without your permission.
If Apple find out an app is doing anything illegal with your data, they should be able to disable the app and ban the developer.

 

[Thunderhawks]

What's the big deal about this???

This message comes app for any app you run that requires access to your Photos.
If you don't trust the app, just "Don't Allow" it!

It's not like the app is accessing your photos and location without your permission.
If Apple find out an app is doing anything illegal with your data, they should be able to disable the app and ban the developer.

Maybe I am not a typical user, but since I don't have any money to speak of, I just click on everything highlighted until it goes away as all these things are annoying.

I am not on any social or business website and I delete every e-mail that invites me to join, friend or not. (Includes Nigerian princess offering $$

Only things that get written on my wall is real graffiti .

As for location data, I am right here and not hiding. Nothing on my iphone to hack or get. Just apps.

Haven't had a problem in 25 years with my system of laying low.

Just wondering where the problem is?

 

[mjtomlin]

This problem has existed since Day 1, and has been ignored by both Apple and millions of users. It goes to show you how easily we trust those who should not be trusted today. I am baffled at the phenomena.

That the public doesn't care is illustrated by the widespread use of Facebook.

While I somewhat agree, I disagree that it is a "problem" that was ignored. It was never a problem until someone decided to make it one. The only problem here is that a developer has abused a user's trust (or I'd even whittle that down to a user not understanding what an application is doing and how it does it).

This of course leads to pandemonium that eventually leads to user's needing to be coddled even further than they were before. This reminds of that art project where the artist attached a warning label to every barb on a barbed wire fence, to make sure people knew they could get pricked by it. This was a great statement on modern society's need to be reminded that not everything is safe and there may be dangers in the world beyond our own control

It's funny to watch old video footage of times when people were basically still responsible for their own actions. You compare with today's society and it makes us look complete morons that don't know how to take care of ourselves ...Someday, we'll all have to wear Nerf protective suits to leave the house.

 

[kdarling]

At least Apple and other curated stores have the ability to know what is actually going on before allowing the app on the market.

Demonstrably not true. Remember when Apple let through that simple flashlight app from a teenager which harbored an unauthorized secret wifi tethering mode? And that was inside a flashlight app, which is basically the simplest possible app you can submit.

In the past there have been plenty of apps that were found to send various bits of personal information out to servers, mostly for advertising purposes.

The only way you can really be sure what the app is doing is to test it out and/or go through the code. Which is what a curated approach does.

Apple might run some automated tests and code checking for a few minutes, but that's not a guarantee of safety.

Apple doesn't have anyone's app source code, and they don't have the resources to check for every type of hidden code in the binary.

Apple could watch for a few minutes to see if data goes out, but a smart piece of malware would wait for a longer period before going live.

While any vetting helps a bit, the best protection on any OS is being aware of what you're downloading, its original source, and what it should be doing. Personally I think every device should keep a log of its transmissions so people could later check what their apps are doing. Of course, people scream about logs, too

 

[adrianweller]

On the hunt

Wow, the NYT really have taken it on themselves lately to "hold Apple accountable". Must be something to this behind the scenes.
Only problem though, is they are so hopelessly incompetent at it!
Maybe before the New York Times exposes Apple for being so bad at what they to, they should be good at what they do - otherwise it's just spectacular hipocrisy.

 

[ericinboston]

Moot.

On a computer, all programs have access to your personal photo library and can do the same thing for years.

Not moot. There is a big difference from a traditional, full fledged OS that allows the installation of any software product vs. a closed-system, closed-manufactured product by Apple whose "apps" are subject to approval by Apple.

This is supposedly a phone...not a computer...something more simplistic yet fun to use. If the underlying developer code and Approval procedures do not explicitly restrict evil apps from sending, say, all your photos to some FTP site without your knowledge, then I would say that's a huge problem...on many levels...and it's 100% Apple's fault since they make the device, the iOS, and explicitly control what apps can be downloaded and installed.

Whether you like it or not, it's Apple's fault for allowing this type of code from running. The folks in this forum that believe this is moot are nuts...they're trying to convince me/you that by purchasing the iPhone, I am agreeing to allow apps to do anything they want with my data on the phone. Hmmmm...so it would be ok to delete all my pix? Or replace them with empty JPGs? Or randomly re-write my Contacts list. Or randomly dial 911 when I am asleep. Or replace all my browser history with dirty website links? Or delete all my email? Or send thousands of text messages to my Contacts in order to ring up a nice fat ATT bill. Or any other combination of rogue processes.

Get real if anyone here thinks this privacy issue is pointless.

 

[kalsta]

Location permission gives the developer complete access to your entire photo library?! As much as I like Apple products, I'll be the first to call this out as an absolute disgrace.

Puts a completely new perspective on the 'iCloud Harmony' commercial doesn't it!

 

[steve217]

Looks like the NYT didn't appreciate getting stiffed on an advance notice of the Mountain Lion release.

 

[BaldiMac]

Not moot. There is a big difference from a traditional, full fledged OS that allows the installation of any software product vs. a closed-system, closed-manufactured product by Apple whose "apps" are subject to approval by Apple.

This is supposedly a phone...not a computer...something more simplistic yet fun to use. If the underlying developer code and Approval procedures do not explicitly restrict evil apps from sending, say, all your photos to some FTP site without your knowledge, then I would say that's a huge problem...on many levels...and it's 100% Apple's fault since they make the device, the iOS, and explicitly control what apps can be downloaded and installed.

Whether you like it or not, it's Apple's fault for allowing this type of code from running. The folks in this forum that believe this is moot are nuts...they're trying to convince me/you that by purchasing the iPhone, I am agreeing to allow apps to do anything they want with my data on the phone. Hmmmm...so it would be ok to delete all my pix? Or replace them with empty JPGs? Or randomly re-write my Contacts list. Or randomly dial 911 when I am asleep. Or replace all my browser history with dirty website links? Or delete all my email? Or send thousands of text messages to my Contacts in order to ring up a nice fat ATT bill. Or any other combination of rogue processes.

Get real if anyone here thinks this privacy issue is pointless.

Again, every popular OS allows this.

This argument seems to be that since Apple does a better job at preventing malware than anyone else, we should expect them to be perfect and prevent even theoretical problems. It's just a ridiculous standard.

 

[kalsta]

Asking for permission for the wrong thing is a major glitch—it is NOT asking the user for permission in any way that is meaningful to the user. It’s like asking your friend “can I have your french fries?” and then taking his bike. Can you really say, “but I asked permission!”?

And so it needs to be fixed. I know I’m glad to know the possibility exists! The article is very relevant to me, and I’m glad someone went to the effort to track it down and report it.

Whether it “would have” been approved isn’t something we need to know, because it would have been one lone submission, and we’re talking about human process where things slip though sometimes and not other times. Knowing it COULD have been approved is sufficient for alarm.

This needs to be solved on a technical, automatic level—ask for specific, clear permissions, and don’t let the device send out any personal info beyond what the user has opted into. (Maybe ask for BOTH location and photo access, if need be.) This sounds like an easy fix for Apple in an update. It does NOT need to be solved by a subjective, labor-intensive human-enforcement method (app review process) which we know can let things slip. That’s a good process for what it does, but there’s a better solution for things of this nature.

Now, I do wish security researchers would report privately to the vendor first—that’s good practice and protects us better. But I realize this is a publication and not a security firm. Better to find out about this the wrong way than not at all!

Ah… the rare voice of reason on MR! Nice comment.

----------

Again, every popular OS allows this.

This argument seems to be that since Apple does a better job at preventing malware than anyone else, we should expect them to be perfect and prevent even theoretical problems. It's just a ridiculous standard.

You don't think Apple should have considered this possibility before and tested for it? iOS has only been out for what, five years? And the App Store for three and a half? You don't think it's reasonable to expect that Apple might have considered sometime before now what kind of personal data and media their devices are storing and what customer expectations might be regarding privacy?

I don't think there's anything 'ridiculous' about holding Apple to a higher standard than this. I'm amazed others are so blasé about it.

 

[BaldiMac]

You don't think Apple should have considered this possibility before and tested for it? iOS has only been out for what, five years? And the App Store for three and a half? You don't think it's reasonable to expect that Apple might have considered sometime before now what kind of personal data and media their devices are storing and what customer expectations might be regarding privacy?

I don't think there's anything 'ridiculous' about holding Apple to a higher standard than this. I'm amazed others are so blasé about it.

Why was it not a problem for the last 20 years on Mac or Windows or Linux? At some point, you just have to trust the developer of the app that you choose to use. iOS does more to prevent the actual problem being discussed (stealing personal information) than any other popular OS.

 

[Brandon Abell]

What's the big deal about this???

This message comes app for any app you run that requires access to your Photos.
If you don't trust the app, just "Don't Allow" it!

It's not like the app is accessing your photos and location without your permission.
If Apple find out an app is doing anything illegal with your data, they should be able to disable the app and ban the developer.

You really don't see the difference between permissions for a file's metadata, and permissions for the file's *contents*?

Wow.

 

[writingdevil]

I understand and I agree with you. But things do slip thru Apple's "defenses" from time to time and barring a major/massive privacy slip-up I don't see anyone having much recourse. At least within the JB'ing community there are a lot of devs who look out for their users & customers. Yes, it can be a bit of the wild west out there but so long as you deal with reputable sources and use some common sense you should be OK.

"...within the JB'ing community there are a lot of devs who look out for their users & customers..."
Not sure what this claim is based on? You could probably say that about any group, but specifics?

"...so long as you deal with reputable sources..."
how does one determine a "reputable source"?

"... use some common sense..."
this whole post seems pretty general, which is ok, but, for me, it doesn't really deal with specifics of the issue, just generalizations. Any new tips are always helpful to all, of based on more than inside information about a site.

 

[kalsta]

Why was it not a problem for the last 20 years on Mac or Windows or Linux? At some point, you just have to trust the developer of the app that you choose to use. iOS does more to prevent the actual problem being discussed (stealing personal information) than any other popular OS.

It was and is a problem. But there's a pretty big difference between downloading a bit of shareware from a developer you've never heard of, and buying an app from Apple, knowing that Apple has approved it.

Apple states:

'The app approval process is in place to ensure that applications are reliable, perform as expected, and are free of explicit and offensive material.'​

If an app asks for permission to access your location, and then secretly uploads all your personal photos to a remote server, do you think that meets Apple's stated goals? Has it performed as expected?

Make no mistake, Apple took on a serious task when they created the App Store and individual app vetting. It was a huge undertaking, and I respect that, but having undertaken it, they have a responsibility to users who might reasonably expect better protection of their private and potentially sensitive data.

 

[Geniva]

If this leads to a constant stream of pop-ups from every single app looking to do something, it's going to get annoying fast.

 

[krzyglue]

So, NYT, just to be sure:

1. You asked the user for permission (although not explicitly for what you did).

2. You did not submit this to the App Store (aka, have no idea whether it would have been approved)

Gotcha. Thanks, but you couldn't have put together a more irrelevant example of an App Store App that takes data without permission.

Sorry I don't see what you're trying to say. I thought the point was that the Path app proved things can make it through the approval process. This is simply an extension on top of that, demonstrating what else can be accessed.

Not sure what you were expecting.

 

[Tinmania]

Wait a second....

I don't see the importance of asking to use location data. The GPS part is really irrelevant. You are not being conned into granting permission to the camera roll. It is a freaking camera app: of COURSE it would have access to photos.

It is the act of misusing that access that is the problem. This is where Apple needs to have developers state and ask, in no uncertain terms, what they are doing with any access that is granted. Going outside those terms should be grounds for the app taken down, and perhaps loss of access to the app store for that developer outright.

Beyond that I think we need civil and criminal laws that deal with this issue. You can be arrested for identity theft or fraud for example. This type of behavior is coming awfully close to criminal behavior in my eyes.




Michael

 

[krzyglue]

Why was it not a problem for the last 20 years on Mac or Windows or Linux? At some point, you just have to trust the developer of the app that you choose to use. iOS does more to prevent the actual problem being discussed (stealing personal information) than any other popular OS.

I agree, except for your assertion that "iOS does more to prevent the actual problem" than any other OS. While Android's un-regulated market is an issue, the fact that when you download an app, the user is informed of what information it can access is a definite plus over iOS. No this is not infalliable, but this is one layer of security iOS does not have. A user would/should be mighty suspicious if a flashlight app needs access to your location data or contacts. Or, if you're going to argue that such a flashlight app wouldn't make it to the store, this would at least give the user choice when downloading an app. Privacy after all, should be within our control.

Anyone who knows anything about security will attest to the fact that a good defense consists of layers of protection.

----------

Wait a second....

I don't see the importance of asking to use location data. The GPS part is really irrelevant. You are not being conned into granting permission to the camera roll. It is a freaking camera app: of COURSE it would have access to photos.

It is the act of misusing that access that is the problem. This is where Apple needs to have developers state and ask, in no uncertain terms, what they are doing with any access that is granted. Going outside those terms should be grounds for the app taken down, and perhaps loss of access to the app store for that developer outright.

Michael

Not just ask the developers, but build the App store so that any app that calls the relevant apis for contacts, photos, etc. will have this fact listed on the info page. This in addition to possibly triggering a notification, much like how location data works now.

 

[kalsta]

I suggest people go into the Location Services settings screen and take a look at what apps have requested or are accessing location information. Even though we must have at some point dealt with a dialog requesting permission, it's still quite a shock to see the long list of apps, many of which really have no business knowing your location—without even considering the other possibilities. There's a simple flashlight app in there of all things—one that just makes the screen go white, or different colours. What business could this app possibly have accessing my location?!

Okay, I'm off to delete a few apps…

 

[Tinmania]

Not just ask the developers, but build the App store so that any app that calls the relevant apis for contacts, photos, etc. will have this fact listed on the info page. This in addition to possibly triggering a notification, much like how location data works now.

While this is true, there is a point where that can still break down. A photo editing app for instance would need access to the camera roll and most likely even the ability to email photos. So I can see that getting approval when only later it is discovered that the app is emailing photos back to itself.

To me there really needs to be stronger punishment for that kind of behavior. I'm not usually in favor of more and more laws but in this case I am. Or apply existing laws to this kind of behavior. I don't care if they are secretly doing this to make money for marketing purposes or to steal outright. They both should be criminal activities in my eyes.




Michael

 

[doctor-don]

Yes, these are apps. What, do people want to get bombarded by 10 alerts on running an app? No, its annoying. Its Windows like.

As for Android nobody reads those permissions lists. Even on ML those permissions are for the Sandbox, not for users though it would be nice to see it listed in the App Store.

I think its better for the app to list what it does, than for the user to have to press OK 10 times.

Then YOU have another think coming. Every time I look to upload or update an app on my Sensation, I look at what the app is asking for permission to access, modify, etc.

----------

While Apple quickly responded to note that it would be addressing the issue by requiring explicit permission to be granted by users for apps to access their address book data, it has been a relatively open secret for some time that developers can gain access to a broad array of what might be considered private information, including photos, calendars, and other content.

NO app should be allowed to access a user's address book - ever. If it does, it's right down in the gutter with Tagged, LinkedIn, Shoppybag, etc. Next thing you know, email is being sent to people in your address book, and the addressees open it because it came from you. Make the fine for this abuse equal to the net value of the person or company doing it. Or just OFF WITH THEIR HEADS.

 

[dejo]

Looks like the NYT didn't appreciate getting stiffed on an advance notice of the Mountain Lion release.

Except they weren't. David Pogue had his one-on-one session right after John Gruber:
https://www.macrumors.com/2012/02/17/apple-shuns-the-new-york-times-in-os-x-mountain-lion-coverage-over-foxconn-reporting/ (see Update 2).

 

[gkpm]

Then YOU have another think coming. Every time I look to upload or update an app on my Sensation, I look at what the app is asking for permission to access, modify, etc.

OK Android fans, so which is the permission to read the photo roll on Android?

I don't see it.

Permissions on the Photoshop Express app - which reads the photo roll - don't state anything even remotely relevant.

https://market.android.com/details?id=com.adobe.psmobile

How do you know on Android if the app can read the photo roll? Thanks.

Edit: It seems apps on Android can read the photos without permissions at all.