I've worked with the Photo Library APIs. This is exactly how it is intended to work. The protections are there to protect the location data, not the photos themselves. I've always found it interesting that the location data would deserve protection but not the photos themselves (only indirectly because they contain location data), but again this is not how the system was designed.
Given the privacy issues with the contacts and now photos, I wouldn't be surprised if Apple is working on a much better way of protecting private data than the current piecemeal system. I'm thinking something like tiered access -- an app might be able to access limited parts of the contacts without needing to ask the user, for example. Since one of the things developers have used the contacts for is matchmaking on social networks, Apple could easily provide a unique hash for a given contact card and provide that back to an app without giving out the actual data.
For photos, Apple could provide APIs to get thumbnail representations, or photos without location data. Or even pre-canned UIs that would allow a user to select an individual photo to allow the app access to without having to give the app total access to the photo library.
Similar to how they went about introducing multitasking to iOS, I think Apple is going to do the same with the various forms of private data available to developers. It's going to take some time, of course, but the end result will be a much more secure system without introducing much burden onto the users.
What we should be talking about is ownership. We should be fighting to ensure that all data about an individual is legally that individual's property, that any entity that uses such data without recompense to the owner is legally a thief, and that any entity that sells an allegedly secure product that turns out not to be is liable for damages.
If this does allow 3rd-party apps unfettered access to personal photos and images then this should be locked down.
Agreed. Location data is location data, photos are photos. Two separate things, despite being able to be combined.
Quote:
Originally Posted by jungmark
I wonder if the developers informed Apple of it before they contacted the Times...
Probably not, because the NYT paid them? (Otherwise why would an anonymous developer do it? Hacking ethos? Fame without Fortune? Free beer? Promise of NYT featuring their other apps?)
Very interesting. Indeed contacts and photos are very sensitive areas now, so I feel Apple will have to have apps request authorisation to access them. Well, that's what ~I~ would like to see anyways.
Yet...how many people go on Facebook every day and give apps there permission to just about all their data with no idea how the app will actually use it???? Where is the Times article about that? I block ALL apps on Facebook mainly because they all seem to want access to ALL my data even though they really don't need that much information in the first place. Trusting an app on iOS is still WAY safer than trusting one on Facebook. IMHO
Tom
I realize Apple considers Facebook a "friend" now, but I don't know that's the case for iOS users themselves. I know Google's privacy actions are suspicious to some of you, but consider the latest on the Facebook app front. The newest requested permission before installing the Android Facebook app wants access to your SMS messages.
If you don't want to grant Facebook the right to look at every text you've sent and every reply you've received, then you can't install their app. Why the heck do they need to read your text messages??
How about giving people the freedom to do what they want with their devices? How about personal responsibility instead of relying on big brother?
How about using an Android. I have yet to run across anything that I can't do on my iPad that jail breaking would enable me to do, thus I've never ventured down that road. Mind you it isn't because I don't use my iPad. In fact I use it for all sorts of things from router configuration, to accessing network shares, to remoting into computers I support. The "I can't do what I want cause it's closed" argument is such garbage, it's just a straw man at this point.
What we should be talking about is ownership. We should be fighting to ensure that all data about an individual is legally that individual's property, that any entity that uses such data without recompense to the owner is legally a thief, and that any entity that sells an allegedly secure product that turns out not to be is liable for damages.
Quote:
Originally Posted by dpnorton82
This. Yes. All of it.
The developer agreement does have language for abuse, but then that only ensures that your app can be pulled if you're caught abusing. As far as recourse beyond that I'd think that would require a lawsuit. Honestly, I don't think anything really needs to be done beyond that, suing someone for theft of your personal content would probably have a strong case if the person was banned from being a developer for breaching that part of their contract with Apple.
Edit: I removed forum-related feedback.
Right on schedule, another Senator is demanding an investigation:
"Congress became involved and probably motivated the move [by Apple to shut down the vulnerability], but the legislative body is not going to like what it hears. The problem is that iOS apps not only have access to a user’s contacts database (including addresses and notes), but apps also have full and unencumbered access to everything in the iOS app sandbox, such as pictures, music, movies, calendars, and a host of other data. Any of this content is literally open for developers to freely transmit to their own servers while apps are open. (note that pictures with geotags will pop up a Location dialog which can be averted in code with some well known tricks)"
So Chuck Schumer (Dem. NY) wants an FTC investigation.
Unlike the Location Data issue this one is pretty bad for an Apple OS.
Why doesn't Android ever get named in this stuff?
- http://www.theverge.com/2012/3/1/283...onsidering-fix
Just coming back to note that Android apps were also subsequently found to allow photo uploads too, tho your calendar, music and such is not exposed for any developer who wishes to harvest it unlike iOS. At least as far as I know.
Just coming back to note that Android apps were also subsequently found to allow photo uploads too, tho your calendar, music and such is not unlike iOS. At least as far as I know.
As noted in The Verge article there are no such constraints on desktop OSes... and I wish there were. Any app you run can access anything in your user space and send it back to a server as it pleases. Unless you're using Little Snitch you may not know. Does Apple's Mac App Store sandboxing resolve this? I hope so.
According to what I've read even Little Snitch may not tell you just what's going on if the developer isn't using SSL.
I think sandboxing planned for Mac would address the issue.
EDIT: I see ArsTechnica did a followup article. There's some pretty high-profile apps that look like they were grabbing iOS users' contact lists along with whatever notes were there without permission: Facebook, Twitter, Cut the Rope, Gowalla and several others.
http://arstechnica.com/apple/news/20...n-security.ars