Just what do app developers have access to? According to a new investigation into photo and video sharing on iOS by The New York Times, developers are able to gain access to your photos and videos when you click “agree” on that button that gives them the ability to collect location information.
An excerpt from the article:
After a user allows an application on an iPhone, iPad or iPod Touch to have access to location information, the app can copy the user’s entire photo library, without any further notification or warning, according to app developers.
It is unclear whether any apps in Apple’s App Store are actually doing this. Apple says it screens all apps submitted to the store, and presumably it would not authorize an app that clearly copied a person’s photos without good reason. But copying address book data was also against Apple’s rules, and the company let through a number of popular apps that did so.
In order to test whether an app can actually access and download photos, The New York Times hired an iOS developer to create a test application called “PhotoSpy.” The app asked to access location information, and once that was granted, it was able to download photos and their location data to a remote server (this app was not put in the App Store).
“It’s very strange, because Apple is asking for location permission, but really what it is doing is accessing your entire photo library,” said John Casasanta, owner of Tap Tap Tap and creator of the Camera+ app. “The message the user is being presented with is very, very unclear.
I don’t know about you guys, but when I click that button that allows developers to access photo locations, I am not giving them permission to download my entire photo library. That’s unacceptable, and that wording is not included in the agreement.
Sure, Apple may be monitoring how apps use our data (and would, theoretically, reject any app that intended to download user photos), but who knows what can slip through. All those fake Pokemon apps were Apple approved, after all. We need specific, clear permissions so we know exactly what information developers are able to access.
Hopefully this exposé from The New York Times combined with Apple’s intent to create new privacy policies will eliminate the potential problem before unscrupulous app developers begin taking advantage of it. Our private information needs to stay private.
[via The New York Times]