Photo libraries and associated geo-locational data exposed by ‘location access’ agreement
Certain location-based apps on the iOS store could allow developers to access a user’s entire photo gallery and associated geo-tagged data.
The privacy concern is the second iPhone app-related incident his month, the previous one relating to two developers, Hipster and Path, who had accessed and stored address book data without user permission.
Citing other app developers, The New York Times reports that once a user allows an application access to location data on their iPhone, iPad or iPod Touch, any and all photos can be copied without further warning. The geographically tagged locations of all those images are also copied in the transfer.
“Conceivably, an app with access to location data could put together a history of where the user has been based on photo location,” said David E. Chen, co-founder of app developer Curio. “The location history, as well as your photos and videos, could be uploaded to a server. Once the data is off of the iOS device, Apple has virtually no ability to monitor or limit its use.”
While it is unknown whether any developers are abusing this capability, the option for them to access such data has been available since the release of iOS 4 in 2010, which introduced full photo access permissions to app-makers.
Considering Apple’s history of dealing with such privacy issues, it is likely that users can expect a swift response to ensure security. Last year they told developers to phase out the use of unique identifiers that would track users and their behaviour, and in the Hipster/Path aftermath, they announced that any apps seeking address book information would be required to ask permission.