It seems Apple may have another security vulnerability to contend with, following the uproar over apps being able to upload iPhone address books without proper warning.
The New York Times is quoting developers who say apps that ask to use your current location can also upload entire photo libraries from iOS devices.
It's claimed that location use gives apps access not only to geo-location info on photos and videos, but to the photos and videos themselves."After a user allows an application on an iPhone, iPad or iPod Touch to have access to location information, the app can copy the user’s entire photo library, without any further notification or warning, according to app developers."It is unclear whether any apps in Apple’s App Store are actually doing this. Apple says it screens all apps submitted to the store, and presumably it would not authorize an app that clearly copied a person’s photos without good reason. But copying address book data was also against Apple’s rules, and the company let through a number of popular apps that did so".
“Conceivably, an app with access to location data could put together a history of where the user has been based on photo location,” said David E. Chen, co-founder of Curio, a company that develops iOS apps. “The location history, as well as your photos and videos, could be uploaded to a server. Once the data is off of the iOS device, Apple has virtually no ability to monitor or limit its use.”Apple hasn't commented.
Update: The Verge reports sources saying Apple will fix the problem in an iOS update. The sources claim the security flaw is an error and not a feature.
(Source: New York Times)
Comments