iOS Photo and Video Privacy Issues Highlighted with New Test Application

[kalsta]

Your analogies aren't actually considering the whole situation. We often invite people into our homes. An app that you choose to install is like a maid or handyman that you hire to perform a job for you. The App Store is the referral service that you trust to verify the credentials of the service provider. Do you think that most people follow the maid around the house to make sure they don't steal anything?

Good comeback analogy! But let's face it… every analogy has its flaws. Given the number of apps users tend to have on their phones these days, your analogy would require maids and handymen coming in and out of the house all day everyday. In a more realistic scenario, where the cleaner comes in by herself on a certain day, you may not follow her around the house, but if your computer goes missing after she was in, you'd have a pretty good idea who did it! Not the same with apps on your phone secretly doing evil things with your private data. In most cases you would have absolutely no way of knowing that anything had happened. None. A flashlight app could be siphoning off your private data for months, even years, and you'd be completely clueless.

And, yet, they haven't cared for the last couple decades.

You're confusing apathy with ignorance.

The obvious answer here is - I don't know all the situations where this would occur. That's the problem. Most consumers can't make an informed decision. All a malicious developer would need to do is design their app to give a spurious reason to access the photo library.

Now hang on… I'm not asking 'most consumers'—I'm asking you. You're the one insisting how inconvenient this is going to be… yet you can't name even one situation where you would prefer that an app secretly access your photos? Not even one? I think I'm getting ready to rest my case here.

So your solution would protect us from all those non-photo related apps that want to steal our photos, but do nothing to prevent the photo-related apps from stealing out photos.

If there really is no practical way for iOS to tell if that photo is being sent somewhere, then yes. It's like the lock on your door which you willingly open for certain visitors. Are there still risks? Sure. But at least you've minimised the risk by greatly limiting the number of apps with access to the photo library. Not only that, but in most cases (see Tinmania's explanation of the photo picker) the user has only granted access to a particular image. Going back to your earlier example of a GPS app with custom backgrounds—the user might choose a photo of their dog Fluffy as the background image, but that shouldn't give the app access to the photos they took in the bedroom the night before!

The lock is not what's in question. Developers only have access if you invite them in the house. The most valuable items (location data, phone access, messaging access) are in the safe.

Woah there… Why do you see location data as inherently more valuable than photos, videos, address book contacts, notes and other potentially sensitive private data? You could potentially ruin someone's life with the kind of data we're talking about.

How do you expect the system to know that apps are secretly taking an action. Magic?

Isn't that how all Apple products work?

Likely Apple will come up with some ideas, but they will be limited. For instance, they could require apps register for resource use such as the photo library and networking. By definition, a photo editing app would require access to the library to be useful. If it allows you to send postcards, then it requires networking. As the user purchasing that app, you understand its purpose and resource access. What you and Apple can't tell, is if an app is being malicious.

In each of the examples you mention, the user would have to manually choose an image for the app to use. That gives the user explicit knowledge about which photos an app has access to, if not complete knowledge about what's being done with them. This is still a huge improvement regarding a user's privacy over what you and BaldiMac seem to be proposing, where an app can access any image it wants to anytime it wants to. Madness if you ask me.

If you put too many warnings in, people will be annoyed, and it causes a poorer user experience. Windows Vista proved it.

Indeed Windows Vista proved it. Even XP, which I still run on an old PC here, annoys the heck out of me. But as already discussed, there is no need to generate a warning when the user is asked to choose a photo. Permission is an implicit part of that process. So let me ask you the same question I asked BaldiMac: 'under which conditions would an app need to access your photos without you telling it to? To put it another way, under which conditions would you be happy for an app to secretly access your photos?'

 

[xStep]

In each of the examples you mention, the user would have to manually choose an image for the app to use. That gives the user explicit knowledge about which photos an app has access to, if not complete knowledge about what's being done with them. This is still a huge improvement regarding a user's privacy over what you and BaldiMac seem to be proposing, where an app can access any image it wants to anytime it wants to. Madness if you ask me.

I'm just stating how it works, and proposed a possible, imperfect, adjustment. Convenience gives way to less security and we all like our little conveniences in life.

Explicit permission does not grant explicit knowledge of action.

Indeed Windows Vista proved it. Even XP, which I still run on an old PC here, annoys the heck out of me. But as already discussed, there is no need to generate a warning when the user is asked to choose a photo. Permission is an implicit part of that process. So let me ask you the same question I asked BaldiMac: 'under which conditions would an app need to access your photos without you telling it to? To put it another way, under which conditions would you be happy for an app to secretly access your photos?'

Those are not the same thing.

On the lower left of Apple's camera app, there is an image of the last item in the Camera Roll. That is a button that leads to a browser so that you can review your images and videos. That is a condition that an app would require access to your photos. By agreeing to the popup message, you allow the app to do that. If you go into Location Services Settings screen, you can turn off Apple's camera access, but then you are creating an inconvenience for your self. Note that I do not recall that Apple's camera app ever asked for permission.

The app I'm writing now will have a similar browser capability. To be of value to the user, it needs access to the raw videos. If Apple had a better framework for my needs that I could use, I would. They don't so my app will cause the popup permission screen to appear upon first run. I don't even care, for now, about the location information.

I'd be fine if an app secretly accessed my photos and videos if it is collecting information to report back to me or using the information for some feature. Secretly is defined as performing an action in the background. The issue isn't that an app is secretly accessing my photos, but what it does with that data.

Like others, I don't think apps should be over stepping their bounds.

 

[kalsta]

Explicit permission does not grant explicit knowledge of action.

Acknowledged. That's what I meant when I said 'if not complete knowledge about what's being done with them', although perhaps that sentence could have been phrased better. As I said, permission to access the photo library, or better still, access only certain photos in the library (which is all many apps really need) is still better than no permission at all.

Note that I do not recall that Apple's camera app ever asked for permission.

Apple's a special case, since they're the caretaker of the whole system. If we don't trust Apple not to be malicious, then we should probably buy a Nokia or something.

The app I'm writing now will have a similar browser capability. To be of value to the user, it needs access to the raw videos. If Apple had a better framework for my needs that I could use, I would. They don't so my app will cause the popup permission screen to appear upon first run. I don't even care, for now, about the location information.

Well then, isn't that a good argument for separating these kinds of permissions? Wouldn't you prefer that your users saw an honest request for access to the photo/video library rather than leave them wondering why on earth your app needs to know their location?

I'd be fine if an app secretly accessed my photos and videos if it is collecting information to report back to me or using the information for some feature.

Collecting and reporting on information about the photos and videos? So you're talking about metadata now, and suggesting that an app might only want to access the metadata, not the images themselves? BaldiMac assured me that an app would never need to do this. You guys should probably get together sometime and think this through some more.

The issue isn't that an app is secretly accessing my photos, but what it does with that data.

I know… Guns don't kill people, people kill people. I get the argument. But you guys should compare the murder rates between Australia (where we have tighter gun control) and the USA sometime. (Oh gosh, I can't believe I just opened that can of worms on here.)

 

[xStep]

Well then, isn't that a good argument for separating these kinds of permissions? Wouldn't you prefer that your users saw an honest request for access to the photo/video library rather than leave them wondering why on earth your app needs to know their location?

Perhaps, but as a user I wouldn't want to have to respond to two popup boxes, so I'd prefer a properly worded message which Apple could do now. I'd also prefer that Apple let the developer add to the message so we could explain why we need the access.

Collecting and reporting on information about the photos and videos? So you're talking about metadata now, and suggesting that an app might only want to access the metadata, not the images themselves? BaldiMac assured me that an app would never need to do this. You guys should probably get together sometime and think this through some more.

Maybe I have a bigger imagination then BaldiMac. I could imagine use of the raw data of a photo being used for more than just displaying it, not just use of the meta data.

I know… Guns don't kill people, people kill people. I get the argument. But you guys should compare the murder rates between Australia (where we have tighter gun control) and the USA sometime. (Oh gosh, I can't believe I just opened that can of worms on here.)

Oooh noooo.... the guns don't kill argument. Now you went and done it! Being a Canadian import to the U.S., I'd better hurry up and pick a side.

In the end, it is a human being whom chooses to abuse your data, and as a human being you have to take some responsibility to protect your self. It helps when the tools make that easier.


P.S. I've enjoyed traveling much of Australia and recommend it when the opportunity comes up.

 

[kalsta]

Thanks for the good humoured response. Enjoyed it.

P.S. I've enjoyed traveling much of Australia and recommend it when the opportunity comes up.

Oh, glad to hear it! Still so much of the country I haven't seen myself, being so big and spread out—you can travel for thousands of miles and see almost nothing. Still, I mean to travel right around the country one day. And the beaches are worth travelling around the world for!

I've seen a bit of the US (loved the skiing in California), but never been to Canada. It's on my to do list!

 

[xStep]

Thanks for the good humoured response. Enjoyed it.

You're welcome. I enjoy it too when I can pull it off.

Oh, glad to hear it! Still so much of the country I haven't seen myself, being so big and spread out—you can travel for thousands of miles and see almost nothing. Still, I mean to travel right around the country one day. And the beaches are worth travelling around the world for!

Yea, I literally drove thousands of miles to see almost nothing. About 10,000 on my first trip if I recall right, and probably another 2000 on the second trip. The destinations are worth it. Check out my web page for those trips. I probably drove by your place.

One thing I didn't have to worry about was apps stealing my images. The first trip was 100% 35mm. The second a P&S digital camera. Now with several of them on my iPod touch, I guess I'll have to live in fear of them being abused. A picture of me surfing the wave rock.

I've seen a bit of the US (loved the skiing in California), but never been to Canada. It's on my to do list!

British Columbia has some great skiing which attracts a lot of young Aussies who work at the ski resorts. Maybe they're escaping the 40 degree heat of Australia Summer. That's 104 farenheit for you Americans.

I've seen more of the U.S. and Australia than I have of Canada, and I even drove across half of it. I wonder if we're wired to seek lands abroad. My travel to do list includes extensive B.C. exploring, several world destinations, and a return to Australia some day. I haven't driven the Nullarbor Plain yet. With little to no internet connection out there, no darn stinking app is going to steal my pictures, at least until I hit civilization.

 

[kalsta]

Yea, I literally drove thousands of miles to see almost nothing. About 10,000 on my first trip if I recall right, and probably another 2000 on the second trip. The destinations are worth it. Check out my web page for those trips.

Nice shots! Looks like you've seen more of the country than I have.

Oh my word… IT SNOWED AT ULURU?!!! You have to be kidding. It looks like a giant block of ice!! That's awesome. Tell me that isn't shopped!

One thing I didn't have to worry about was apps stealing my images. The first trip was 100% 35mm. The second a P&S digital camera.

I like how you brought us back on topic. Otherwise the forum moderators might get cranky.

British Columbia has some great skiing which attracts a lot of young Aussies who work at the ski resorts. Maybe they're escaping the 40 degree heat of Australia Summer. That's 104 farenheit for you Americans.

There's been none of that this year. Coolest summer I can remember, and lots and lots of rain. But the real reason your ski resorts attracts lots of Australians is because Australian ski fields are… well, let's put it nicely… What we call a mountain over here most of the world would probably call a largish sort of hill.

I've seen more of the U.S. and Australia than I have of Canada, and I even drove across half of it. I wonder if we're wired to seek lands abroad.

That, and I think we tend to feel no real sense of urgency to travel our own country—we figure we can do that any time, which is kind of unfortunate in a way, because none of us really know how long we're here for.

 

[BaldiMac]

Collecting and reporting on information about the photos and videos? So you're talking about metadata now, and suggesting that an app might only want to access the metadata, not the images themselves? BaldiMac assured me that an app would never need to do this. You guys should probably get together sometime and think this through some more.

Please don't misrepresent me. I did not say that.

 

[kalsta]

Collecting and reporting on information about the photos and videos? So you're talking about metadata now, and suggesting that an app might only want to access the metadata, not the images themselves? BaldiMac assured me that an app would never need to do this. You guys should probably get together sometime and think this through some more.

Please don't misrepresent me. I did not say that.

Well, you did say:

Why would a developer want access to the metadata and not the photos?

I just assumed it was a rhetorical question.

 

[xStep]

Nice shots! Looks like you've seen more of the country than I have.

Oh my word… IT SNOWED AT ULURU?!!! You have to be kidding. It looks like a giant block of ice!! That's awesome. Tell me that isn't shopped!

I did not add anything to the image. I may have tried enhancing it to bring out a little contrast and color.

Another camper told me it was minus 3 that night. If I had woken up earlier I think the picture would look less like an iceberg and more snowy, if that means much. When I got closer it was lightly raining and the rock took on a whole new look. Nature is amazing!

I like how you brought us back on topic. Otherwise the forum moderators might get cranky.

Yea, that was the idea. It also demonstrated that we're in a new world with new worries and users & developers need to take on new responsibilities.

 

[kalsta]

I did not add anything to the image. I may have tried enhancing it to bring out a little contrast and color.

Well it's a great pic. Did you ever consider licensing it to Tourism Australia or something? I did a quick Google search and couldn't find any pictures quite like it.

When I got closer it was lightly raining and the rock took on a whole new look. Nature is amazing!

Indeed it is! I was privileged enough once to see a night rainbow. I didn't even realise such a thing was possible until I saw it.

And um… yeah, because nature is so amazing, we… um, need to protect our photos of nature… from malicious developers and stuff. (Phew, I think I managed to keep us on topic there.)

 

[xStep]

Well it's a great pic. Did you ever consider licensing it to Tourism Australia or something? I did a quick Google search and couldn't find any pictures quite like it.

Nope, never considered it. Also, you might have to OK that with the Aboriginal people from that location. At minimum they do have cultural concerns.

Indeed it is! I was privileged enough once to see a night rainbow. I didn't even realise such a thing was possible until I saw it.

Check out this video of Moonbows in Yosemite National Park here in California.