iOS loophole could let developers siphon photos

A newly discovered loophole in iOS security gives developers access to a user's entire photo library. After the user allows an iOS application to have access to location information, the app can then be designed to copy the user's photographs to a remote server without further notification, reports The New York Times.

To test this loophole, The New York Times asked an anonymous developer, who did not want to be named because of his employment at a popular app developer, to create an app that did just that. His "PhotoSpy" app asked for access to location data on startup, and once access was granted, the app would then siphon the photos and the location data attached to them to a remote server. The PhotoSpy app was not submitted to the App Store for approval.

It is unknown if any authorized apps on Apple's App Store are currently exploiting this loophole. Of course, with the huge volume of submissions to the app store, apps of questionable content and behavior slip through the approval process on a fairly regular basis.

Full access to the photo library was first allowed in 2010 with the release of iOS 4, with the intention of making photo apps more efficient. While this capability has been known for a while, according to developers who talked to The New York Times, it was assumed that Apple's approval process would prevent users' content from being exploited. That assumption has been cast into doubt after recent revelations.

"Apple has a tremendous responsibility as the gatekeeper to the App Store and the apps people put on their phone to police the apps," David Jacobs, a fellow with the Electronic Privacy Information Center, said to The New York Times. "Apple and app makers should be making sure people understand what they are consenting to. It is pretty obvious that they aren’t doing a good enough job of that."

Report a problem with article
Previous Story

Glossy white Xbox 360 Kinect bundle announced

Next Story

Schmidt shares his vision of the future at MWC

7 Comments

Commenting is disabled on this article.

The issue is that the message asking users for permission is not currently clear. There are plenty of legitimate applications in the app store that interact with photos and the users want those apps and their features (just like you would want to use Picasa on your computer instead of Windows Live Gallery, for instance).

I'm not sure if this is new?

It's common to give apps accessing your photo roll location access rights.

It always struck me as a bit illogical, but I think there's a technical explanation that makes more sense.

The JPG's stored on an iPhone contain GPS data in their EXIF tags, and revealing that without permission could reveal a user's location, or give strong hints to it. Since this data is embedded in the photos themselves, voila, you need to give an app rights to know your location in order to see your photos. Because the worst-case scenario is that by checking your photos, someone could figure out where you live. (consider photos shot and GPS-tagged in your home)

What's missing here might be an access right for your photos. However, then I think they should ask for both photo access rights and location rights, since the location issue is still a potential privacy problem and the end user should really be alerted about it as a separate issue. A user may not realize that by allowing some app to see the photos could reveal the exact coordinates of where he/she lives.

It's possible that Apple has considered photos such a core feature of a smartphone that it's not something an end user would forget that an app might access. GPS-embedded metadata in a JPG is more subtle and nefarious than a photo app accessing your photos, hence the location warning.

Edited by Northgrove, Feb 29 2012, 11:28am :

8 to 10 years ago the Apple fans were overjoyed. Microsoft was having a problem where it was found that if a program was installed on a computer, that program could use the programmability features of Outlook and send the address book to a bad place. It was said that Microsoft was more concerned about money than security, that they put market share before their customers. Apple didn't have the problem because they put security first and didn't care about money or sales, just their customers.

So Microsoft added the timeout dialog. When a program tried to access the address book, it would put up a dialog asking if it was ok to grant access. This was not satisfactory, to the Apple fans, people would not read the dialog, users just click ok. Microsoft was just doing the quick fix rather than doing the correct fix. Oh, and on an Apple product you would never see such a dialog, because they do it the right way.

Now we have an Apple product that is sending data to the internet in the same way they once complained about. I laugh at the irony of it all because if anyone says anything about it, it is not Apple's fault, it is the developer's fault even though it is downloaded only through Apple' store. People are making it an issue because they are jealous of Apple's success. Apple makes billions, so people must be ok with it. And my personal favorite, it is only because they are "haters."

OK. Well, just remember that "haters" exist on both sides. No modern cutting edge product, regardless if it's a Samsung Galaxy S II or an iPhone 4S or a Nokia 800 should be looked down on, since they're all technological marvels. And being personally upset about behavior patterns of various fans, well... Let's just say that I find other matters in life more important to be upset about.

Northgrove said,
OK. Well, just remember that "haters" exist on both sides. No modern cutting edge product, regardless if it's a Samsung Galaxy S II or an iPhone 4S or a Nokia 800 should be looked down on, since they're all technological marvels. And being personally upset about behavior patterns of various fans, well... Let's just say that I find other matters in life more important to be upset about.

First, I am not upset about the behaviors of others, in fact I find them funny in how they center their life around making sure that their favorite is defended.

As for haters on all sides, I was mocking those who call others haters. A few months ago I described a problem with safari on my iPad where the browser would showcases from days ago. I was called a hater for simply describing a bug. Those people who called me a hater deserve to be mocked.