Following on from my previous post on how iOS apps are accessing and uploading contact data, it’s now been reported that there are permission issues that let an app access the iOS photo library. A test app called PhotoSpy, commissioned by The New York Times, was developed.
The PhotoSpy app requires the user to allow access to location data (and only once), but the app can then also stealthily access the photo library and upload the user’s entire photo library to a cloud storage environment, without any further notification. The main cause for concern was, of course, that this app did not ask for permission to access and upload the photo library. Thankfully, this app was never published on the App Store, and I doubt it would have been.
More importantly for me, mobile photos contain EXIF tagging data. This data uses GPRS cell site data to map the location where the picture was taken, as well as the date and time. It would be very easy for a fraudster to use this data to build a profile on someone (a mark). Pictures say a thousand words…
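To check what a photo would disclose before it leaves the device, the following added example (not part of the original post) reads the EXIF timestamp and GPS position from a JPEG's APP1 segment. The function names are hypothetical and the sample image is constructed inline; only the IFD0 DateTime tag and the GPS latitude/longitude tags are read.

```python
import struct

def _ifd(tiff, off, e):
    """Map tag -> (count, raw 4-byte value field, that field as an offset)."""
    n = struct.unpack_from(e + "H", tiff, off)[0]
    rows = (struct.unpack_from(e + "HHI4s", tiff, off + 2 + 12 * i) for i in range(n))
    return {tag: (cnt, raw, struct.unpack(e + "I", raw)[0]) for tag, _t, cnt, raw in rows}

def _ascii(tiff, entry):
    cnt, raw, num = entry  # values of 4 bytes or fewer sit inline, longer ones at an offset
    data = raw if cnt <= 4 else tiff[num:num + cnt]
    return data.split(b"\0")[0].decode("ascii", "replace")

def _degrees(tiff, e, entry, ref):
    d = struct.unpack_from(e + "6I", tiff, entry[2])  # degrees, minutes, seconds rationals
    deg, mins, sec = (d[i] / d[i + 1] if d[i + 1] else 0.0 for i in (0, 2, 4))
    return (deg + mins / 60 + sec / 3600) * (-1 if ref in ("S", "W") else 1)

def exif_disclosure(jpeg):
    """Return the time and location EXIF tags a JPEG carries ({} if none)."""
    pos, found = 2, {}
    while jpeg[:2] == b"\xff\xd8" and pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF:
        marker, size = jpeg[pos + 1], struct.unpack_from(">H", jpeg, pos + 2)[0]
        body, pos = jpeg[pos + 4:pos + 2 + size], pos + 2 + size
        if marker == 0xDA:  # start of scan: the metadata segments are over
            break
        if marker != 0xE1 or body[:6] != b"Exif\0\0":  # only APP1/Exif is of interest
            continue
        tiff, e = body[6:], "<" if body[6:8] == b"II" else ">"
        ifd0 = _ifd(tiff, struct.unpack_from(e + "I", tiff, 4)[0], e)
        if 0x0132 in ifd0:  # DateTime
            found["datetime"] = _ascii(tiff, ifd0[0x0132])
        gps = _ifd(tiff, ifd0[0x8825][2], e) if 0x8825 in ifd0 else {}  # GPS IFD pointer
        if all(tag in gps for tag in (1, 2, 3, 4)):  # lat ref, lat, lon ref, lon
            found["lat"] = _degrees(tiff, e, gps[2], _ascii(tiff, gps[1]))
            found["lon"] = _degrees(tiff, e, gps[4], _ascii(tiff, gps[3]))
        break
    return found

def sample_jpeg():
    """Constructed input: JPEG markers plus an EXIF block, no pixel data."""
    ent = lambda *fields: struct.pack(">HHII", *fields)  # tag, type, count, value/offset
    tiff = (b"MM\x00\x2a\x00\x00\x00\x08\x00\x02"  # header, IFD0 at 8 with 2 entries
            + ent(0x0132, 2, 20, 38) + ent(0x8825, 4, 1, 58) + bytes(4)
            + b"2012:02:29 10:00:00\x00\x00\x04"  # DateTime at 38, GPS IFD (4 entries) at 58
            + ent(1, 2, 2, ord("N") << 24) + ent(2, 5, 3, 112)
            + ent(3, 2, 2, ord("W") << 24) + ent(4, 5, 3, 136) + bytes(4)
            + struct.pack(">12I", 40, 1, 45, 1, 0, 1, 73, 1, 30, 1, 0, 1))
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(tiff) + 8) + b"Exif\0\0" + tiff + b"\xff\xd9"
```

A truncated EXIF block raises `struct.error`; when auditing, treat that as "unknown" rather than "clean".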
Apple is changing the way apps access and use iOS data before downloading or purchasing an app. My big question right now is, ‘how will this be implemented?’ Apple isn’t clear on how this will be done right now.
Safe surfing folks!