iOS Location authorization loophole gives apps access to iDevice photos


Comments

  • Reply 21 of 33
    I've worked with the Photo Library APIs. This is exactly how it is intended to work. The protections are there to protect the location data, not the photos themselves. I've always found it interesting that the location data would deserve protection but not the photos themselves (only indirectly because they contain location data), but again this is not how the system was designed.



    Given the privacy issues with the contacts and now photos, I wouldn't be surprised if Apple is working on a much better way of protecting private data than the current piecemeal system. I'm thinking something like tiered access -- an app might be able to access limited parts of the contacts without needing to ask the user, for example. Since one of the things developers have used the contacts for is matchmaking on social networks, Apple could easily provide a unique hash for a given contact card and provide that back to an app without giving out the actual data.



    For photos, Apple could provide APIs to get thumbnail representations, or photos without location data. Or even pre-canned UIs that would allow a user to select an individual photo to allow the app access to without having to give the app total access to the photo library.



    Similar to how they went about introducing multitasking to iOS, I think Apple is going to do the same with the various forms of private data available to developers. It's going to take some time, of course, but the end result will be a much more secure system without introducing much burden onto the users.
  • Reply 22 of 33
    Quote:
    Originally Posted by rbryanh View Post


    What we should be talking about is ownership. We should be fighting to ensure that all data about an individual is legally that individual's property, that any entity that uses such data without recompense to the owner is legally a thief, and that any entity that sells an allegedly secure product that turns out not to be is liable for damages.



    This. Yes. All of it.
  • Reply 23 of 33
    Quote:
    Originally Posted by SolipsismX View Post


    If this does allow 3rd-party apps unfettered access to personal photos and images then this should be locked down.



    Agreed. Location data is location data, photos are photos. Two separate things, despite being able to be combined.



    Quote:
    Originally Posted by jungmark View Post


    I wonder if the developers informed Apple of it before they contacted the Times...



    Probably not, because the NYT paid them? (Otherwise why would an anonymous developer do it? Hacking ethos? Fame without Fortune? Free beer? Promise of NYT featuring their other apps?)
  • Reply 24 of 33
    Quote:
    Originally Posted by SmileyDude View Post


    I've worked with the Photo Library APIs. This is exactly how it is intended to work. The protections are there to protect the location data, not the photos themselves. I've always found it interesting that the location data would deserve protection but not the photos themselves (only indirectly because they contain location data), but again this is not how the system was designed.



    Given the privacy issues with the contacts and now photos, I wouldn't be surprised if Apple is working on a much better way of protecting private data than the current piecemeal system. I'm thinking something like tiered access -- an app might be able to access limited parts of the contacts without needing to ask the user, for example. Since one of the things developers have used the contacts for is matchmaking on social networks, Apple could easily provide a unique hash for a given contact card and provide that back to an app without giving out the actual data.



    For photos, Apple could provide APIs to get thumbnail representations, or photos without location data. Or even pre-canned UIs that would allow a user to select an individual photo to allow the app access to without having to give the app total access to the photo library.



    Similar to how they went about introducing multitasking to iOS, I think Apple is going to do the same with the various forms of private data available to developers. It's going to take some time, of course, but the end result will be a much more secure system without introducing much burden onto the users.



    Very interesting. Indeed contacts and photos are very sensitive areas now, so I feel Apple will have to have apps request authorisation to access them. Well, that's what ~I~ would like to see anyways.



    Edit: I removed forum-related feedback.
  • Reply 25 of 33
    icoco3 Posts: 1,474 member
    Yet...how many people go on Facebook every day and give apps there permission to just about all their data with no idea how the app will actually use it???? Where is the Times article about that? I block ALL apps on Facebook mainly because they all seem to want access to ALL my data even though they really don't need that much information in the first place. Trusting an app on iOS is still WAY safer than trusting one on Facebook. IMHO



    Tom
  • Reply 26 of 33
    gatorguy Posts: 24,176 member
    Quote:
    Originally Posted by icoco3 View Post


    Yet...how many people go on Facebook every day and give apps there permission to just about all their data with no idea how the app will actually use it???? Where is the Times article about that? I block ALL apps on Facebook mainly because they all seem to want access to ALL my data even though they really don't need that much information in the first place. Trusting an app on iOS is still WAY safer than trusting one on Facebook. IMHO



    Tom



    I realize Apple considers Facebook a "friend" now, but I don't know that's the case for iOS users themselves. I know Google's privacy actions are suspicious to some of you, but consider the latest on the Facebook app front. The newest requested permission before installing the Android Facebook app wants access to your SMS messages.



    If you don't want to grant Facebook the right to look at every text you've sent and every reply you've received, then you can't install their app. Why the heck do they need to read your text messages??
  • Reply 27 of 33
    hezetation Posts: 674 member
    Quote:
    Originally Posted by realitycheck69 View Post


    How about giving people the freedom to do what they want with their devices? How about personal responsibility instead of relying on big brother?



    How about using an Android. I have yet to run across anything that I can't do on my iPad that jail breaking would enable me to do, thus I've never ventured down that road. Mind you it isn't because I don't use my iPad. In fact I use it for all sorts of things from router configuration, to accessing network shares, to remoting into computers I support. The "I can't do what I want cause it's closed" argument is such garbage, it's just a straw man at this point.
  • Reply 28 of 33
    hezetation Posts: 674 member
    Quote:
    Originally Posted by rbryanh View Post


    What we should be talking about is ownership. We should be fighting to ensure that all data about an individual is legally that individual's property, that any entity that uses such data without recompense to the owner is legally a thief, and that any entity that sells an allegedly secure product that turns out not to be is liable for damages.



    Quote:
    Originally Posted by dpnorton82 View Post


    This. Yes. All of it.



    The developer agreement does have language for abuse, but then that only ensures that your app can be pulled if you're caught abusing. As far as recourse beyond that I'd think that would require a lawsuit. Honestly, I don't think anything really needs to be done beyond that, suing someone for theft of your personal content would probably have a strong case if the person was banned from being a developer for breaching that part of their contract with Apple.
  • Reply 29 of 33
    gatorguy Posts: 24,176 member
    Right on schedule, another Senator is demanding an investigation:



    "Congress became involved and probably motivated the move [by Apple to shut down the vulnerability], but the legislative body is not going to like what it hears. The problem is that iOS apps not only have access to a user’s contacts database (including addresses and notes), but apps also have full and unencumbered access to everything in the iOS app sandbox, such as pictures, music, movies, calendars, and a host of other data. Any of this content is literally open for developers to freely transmit to their own servers while apps are open. (note that pictures with geotags will pop up a Location dialog which can be averted in code with some well known tricks)"



    So Chuck Schumer (Dem. NY) wants an FTC investigation.
  • Reply 30 of 33
    solipsismx Posts: 19,566 member
    Quote:
    Originally Posted by Gatorguy View Post


    Right on schedule, another Senator is demanding an investigation:



    "Congress became involved and probably motivated the move [by Apple to shut down the vulnerability], but the legislative body is not going to like what it hears. The problem is that iOS apps not only have access to a user’s contacts database (including addresses and notes), but apps also have full and unencumbered access to everything in the iOS app sandbox, such as pictures, music, movies, calendars, and a host of other data. Any of this content is literally open for developers to freely transmit to their own servers while apps are open. (note that pictures with geotags will pop up a Location dialog which can be averted in code with some well known tricks)"



    So Chuck Schumer (Dem. NY) wants an FTC investigation.



    Why doesn't Android ever get named in this stuff? Unlike the Location Data issue this one is pretty bad for an Apple OS.
  • Reply 31 of 33
    gatorguy Posts: 24,176 member
    Quote:
    Originally Posted by SolipsismX View Post


    Why doesn't Android ever get named in this stuff? Unlike the Location Data issue this one is pretty bad for an Apple OS.



    Just coming back to note that Android apps were also subsequently found to allow photo uploads too, tho your calendar, music and such is not exposed for any developer who wishes to harvest it unlike iOS. At least as far as I know.
  • Reply 32 of 33
    solipsismx Posts: 19,566 member
    Quote:
    Originally Posted by Gatorguy View Post


    Just coming back to note that Android apps were also subsequently found to allow photo uploads too, tho your calendar, music and such is not unlike iOS. At least as far as I know.



    As noted in The Verge article there are no such constraints on desktop OSes... and I wish there were. Any app you run can access anything in your user space and send it back to a server as it pleases. Unless you're using Little Snitch you may not know. Does Apple's Mac App Store sandboxing resolve this? I hope so.
  • Reply 33 of 33
    gatorguy Posts: 24,176 member
    Quote:
    Originally Posted by SolipsismX View Post


    As noted in The Verge article there are no such constraints on desktop OSes... and I wish there were. Any app you run can access anything in your user space and send it back to a server as it pleases. Unless you're using Little Snitch you may not know. Does Apple's Mac App Store sandboxing resolve this? I hope so.



    According to what I've read even Little Snitch may not tell you just what's going on if the developer isn't using SSL.



    I think sandboxing planned for Mac would address the issue.



    EDIT: I see ArsTechnica did a followup article. There's some pretty high-profile apps that look like they were grabbing iOS users' contact lists along with whatever notes were there without permission: Facebook, Twitter, Cut the Rope, Gowalla and several others.

    http://arstechnica.com/apple/news/20...n-security.ars