iOS Photo and Video Privacy Issues Highlighted with New Test Application

Earlier this month, privacy issues related to the uploading of users' address books to developers' servers were cast into the limelight as Congress requested details from Apple on how private information is handled and protected. While Apple quickly responded to note that it would be addressing the issue by requiring explicit permission to be granted by users for apps to access their address book data, it has been a relatively open secret for some time that developers can gain access to a broad array of what might be considered private information, including photos, calendars, and other content.

The New York Times today is taking a closer look at the topic of photos and videos, noting how easy it is for developers to quietly gain access to such content when given permission to collect location information.

After a user allows an application on an iPhone, iPad or iPod Touch to have access to location information, the app can copy the user’s entire photo library, without any further notification or warning, according to app developers.

It is unclear whether any apps in Apple’s App Store are actually doing this. Apple says it screens all apps submitted to the store, and presumably it would not authorize an app that clearly copied a person’s photos without good reason. But copying address book data was also against Apple’s rules, and the company let through a number of popular apps that did so.

photospy
The New York Times tested this behavior by commissioning an iOS developer to write a simple test application dubbed "PhotoSpy" that demonstrates how a simple pop-up requesting permission to access location information can actually lead to broad access to all photos and videos in a user's photo library on the device.

When the “PhotoSpy” app was started up, it asked for access to location data. Once this was granted, it began siphoning photos and their location data to a remote server. (The app was not submitted to the App Store.)

Apple and other mobile app distributors recently signed on to a new agreement with the California Attorney General's office that will see the companies making it easier for users to examine privacy policies associated with apps before they download them. And with pressure mounting on Apple to take further steps to ensure that apps can access only information explicitly permitted by users, many are undoubtedly hoping that more changes are coming in the relatively near future.

Update: The Verge reports that "sources familiar with the situation" have indicated the photo and video access is a bug and that a fix is in the works.

We spoke to sources familiar with the situation, and were informed that a fix is most likely coming for the loophole. According to the people we talked to, Apple has been made aware of the issue and is likely planning a fix with an upcoming release of iOS. Those sources also confirmed that the ability to send your photos and videos to a third-party is an error, not an intended feature. If we had to guess, the fix will likely come alongside a patch for Apple's other recent security issue — the ability for apps to upload your address book information without warning.

Popular Stories

iphone 16 pro models 1

Here's How the iPhone 17 Pro Max Will Compare to the iPhone 17 Pro

Saturday July 5, 2025 1:00 pm PDT by
Apple should unveil the iPhone 17 series in September, and there might be one bigger difference between the Pro and Pro Max models this year. As always, the Pro Max model will be larger than the Pro model:iPhone 17 Pro: 6.3-inch display iPhone 17 Pro Max: 6.9-inch displayGiven the Pro Max is physically larger than the Pro, it has more internal space, allowing for a larger battery and...
iPhone 17 Pro in Hand Feature Lowgo

iPhone 17 Pro to Reverse iPhone X Design Decision

Monday July 7, 2025 9:46 am PDT by
Since the iPhone X in 2017, all of Apple's highest-end iPhone models have featured either stainless steel or titanium frames, but it has now been rumored that this design decision will be coming to an end with the iPhone 17 Pro models later this year. In a post on Chinese social media platform Weibo today, the account Instant Digital said that the iPhone 17 Pro models will have an aluminum...
imac video apple feature

Apple Launching These 15+ Products Later This Year

Sunday July 6, 2025 8:05 am PDT by
The calendar has turned to July, meaning that 2025 is now more than half over. And while the summer months are often quiet for Apple, the company still has more than a dozen products coming later this year, according to rumors. Below, we have outlined at least 15 new Apple products that are expected to launch later this year, along with key rumored features for each. iPhone 17 Series iPho...
iPhone Car Key Kia

Here's Which Vehicles Offer iPhone Car Keys

Sunday July 6, 2025 3:03 pm PDT by
In 2020, Apple added a digital car key feature to its Wallet app, allowing users to lock, unlock, and start a compatible vehicle with an iPhone or Apple Watch. The feature is currently offered by select automakers, including Audi, BMW, Hyundai, Kia, Genesis, Mercedes-Benz, Volvo, and a handful of others, and it is set to expand further. Apple has a web page with a list of vehicle models that ...
iOS 26 Feature

Everything New in iOS 26 Beta 3

Monday July 7, 2025 1:20 pm PDT by
Apple is continuing to refine and update iOS 26, and beta three features smaller changes than we saw in beta 2, plus further tweaks to the Liquid Glass design. Apple is gearing up for the next phase of beta testing, and the company has promised that a public beta is set to come out in July. Transparency In some apps like Apple Music, Podcasts, and the App Store, Apple has toned down the...
iPhone 17 Pro in Hand Feature Lowgo

iPhone 17 Pro Coming Soon With These 14 New Features

Friday July 4, 2025 1:05 pm PDT by
Apple's next-generation iPhone 17 Pro and iPhone 17 Pro Max are just over two months away, and there are plenty of rumors about the devices. Below, we recap key changes rumored for the iPhone 17 Pro models. Latest Rumors These rumors surfaced in June and July:Apple logo repositioned: Apple's logo may have a lower position on the back of the iPhone 17 Pro models, compared to previous...
iphone 17 pro render majin bu

New iPhone 17 Pro Renders Highlight Apple Logo and MagSafe Design Changes

Sunday July 6, 2025 8:43 pm PDT by
New renders today provide the best look yet relocated Apple logo and redesigned MagSafe magnet array of the iPhone 17 Pro and iPhone 17 Pro Max. Image via Majin Bu. Several of the design changes coming to the iPhone 17 Pro model have been rumored for some time, such as the elongated camera bump that spans the full width of the device, with the LiDAR Scanner and flash moving to the right side. ...
iPhone 14 Pro Dynamic Island

iPhone 17 Models Rumored to Feature Redesigned Dynamic Island

Monday July 7, 2025 7:38 am PDT by
iPhone 17 models will feature a redesigned Dynamic Island user interface, according to a post today from Digital Chat Station, an account with more than three million followers on Chinese social media platform Weibo. The account has accurately leaked some information regarding future Apple products in the past. The account did not share any specific details about the alleged changes that are ...
Prime Day 25 Feature Warm Triad

The Best Prime Day Deals on AirPods, iPads, MacBooks, and More

Monday July 7, 2025 10:55 am PDT by
Amazon is back with its annual summertime Prime Day event, lasting for four days from July 8-11, the longest Prime Day yet. As it does every year, Prime Day offers shoppers a huge selection of deals across Amazon's storefront. With the event now underway, we're tracking numerous all-time low prices on Apple gear right now. Note: MacRumors is an affiliate partner with Amazon. When you click a...

Top Rated Comments

pmz Avatar
174 months ago
So, NYT, just to be sure:

1. You asked the user for permission (although not explicitly for what you did).

2. You did not submit this to the App Store (aka, have no idea whether it would have been approved)

Gotcha. Thanks, but you couldn't have put together a more irrelevant example of an App Store App that takes data without permission.
Score: 12 Votes (Like | Disagree)
Consultant Avatar
174 months ago
This is a rare area where Android actually does a better job. The developer of each app must state in the packaged manifest file the access permissions to physical hardware (e.g. GPS, microphone) and services (e.g. file system) that the app uses. These requirements are then shown explicitly in the Android marketplace before the use downloads the app. In iOS, there is a plist for developers to state access requirements, but until now, they are not shown in the App Store.

Nope. Android permission can be easily bypassed by Android malware:
http://www.theregister.co.uk/2011/11/30/google_android_security_bug/
Score: 8 Votes (Like | Disagree)
newagemac Avatar
174 months ago
This is a rare area where Android actually does a better job. The developer of each app must state in the packaged manifest file the access permissions to physical hardware (e.g. GPS, microphone) and services (e.g. file system) that the app uses. These requirements are then shown explicitly in the Android marketplace before the use downloads the app. There is no similar equivalent in iOS or the App Store.
The problem with that approach is that it isn't granular enough. And it can't possibly be granular enough to prevent malware and rogue apps. For example, let's say let's say you are looking for a file manager for your Android device. Well, the manifest says the app needs access to the file system. "Ok, that makes sense." Then you download the app and it proceeds to delete every file on your device and replace them with viruses or something.

There is absolutely no way you can defend against that unless you have a curated approach. If it's a file manager, it needs access to your files. Likewise in the NY Times example, if it is a photo editing app, it needs access to your photos. There is no way getting around it. Someone has to actually test the app to know what exactly it will do once it has access to some particular part of your device. That's why Android is a goldmine for malware and privacy invaders.
Score: 8 Votes (Like | Disagree)
BaldiMac Avatar
174 months ago
If this is okay on iOS, why do you make such a big deal about the same thing on Android?

Having access to private data is not the same thing as malware??? :confused:
Score: 7 Votes (Like | Disagree)
dethmaShine Avatar
174 months ago
This has been verified by a number of people on the forums.

- contacts
- calendars
- photos
- videos

Nothing new. Although, highly severe and critical.

Apple made a mess out of them. They should have treated this data, the way they treat locations in general. Too lenient.
Score: 7 Votes (Like | Disagree)
jtara Avatar
174 months ago
When I first looked at this, I wondered why it even has to request permission for location data.

Well, it does, and that's because photos might contain location information in the metadata.

So, iPhone users can at least be assured that their photos aren't being accessed if the app doesn't ask permission for location data.

This problem has existed since Day 1, and has been ignored by both Apple and millions of users. It goes to show you how easily we trust those who should not be trusted today. I am baffled at the phenomena.

That the public doesn't care is illustrated by the widespread use of Facebook.

It's going to bite many people. I do think that the public will take an about face over the next couple of years, as the chickens come home to roost. I think the major factor driving this will be the largescale abandonment of the traditional resume by job-seekers and employers.

Lots of people are going to find that they screwed themselves royally.
Score: 6 Votes (Like | Disagree)