AAPL Stock: 117.81 ( -0.22 )

Printed from

iOS vulnerability allows apps to grab photo, video libraries

updated 06:20 pm EST, Tue February 28, 2012

Severity of threat still uncertain

An iOS vulnerability may be allowing some apps to access a person's entire photo/video library, say developers in touch with the New York Times. The flaw emerges only once a person authorizes an app to use location information, but at that point photo/video access opens up without any extra prompting. The location pop-up does say it will allow "access to location information in photos and videos," but makes no mention of sharing the media itself.

One developer, Curio co-founder David Chen, notes that an app could potentially gather location histories and media and upload them both to a remote server. An anonymous developer reached by the Times, meanwhile, has created an unpublished test app -- "PhotoSpy" -- that successfully demonstrates the theory.

Apple has come under fire in recent weeks for a separate iOS hole allowing apps to access or upload a person's entire address book without permission. Several companies have been forced to amend the way they handle contact data, even though Apple claims that such apps are already against guidelines. The company has promised that a future firmware update will require apps to ask for contact data, but no date has been set.

by MacNN Staff



  1. testudo

    Joined: Dec 1969


    oh, wait

    I know, it isn't a 'real' vulnerability because you're warned by iOS and so you have to grant it access, so it's your own fault.

    Just like it's your fault for putting contacts into the address book. You're just begging developers to swipe that data.

  1. chas_m



    Yes, Trolltudo, you're right

    This issue IS better handled than it is on Android, where apps just take what they want without any notification whatsoever, and in fact are often "zombie" bots or virus apps.

    It's true that Apple needs to clamp down on this -- the nerve of them assuming that developers would follow guidelines! -- but at least they ARE doing something about it, unlike laissez-faire Google which is only unhappy with data-mining apps when they do a better job of it than Google itself is doing.

    I'm glad to see we completely agree that Apple isn't perfect, but is a h*** of a lot better than evil, thieving, promiscuous, virus-ridden Android and Google. Glad to see you are coming around.

    Comment buried. Show
  1. Arne_Saknussemm

    Joined: Dec 1969


    "a lot better than evil, thieving, promiscuous,...


    Apple is just plain...


  1. HostMyApple

    Joined: Dec 1969



    So now if a rogue app is going to upload all your photos to india it is going to ask for permission first. Awesome

  1. facebook_Collin

    Via Facebook

    Joined: Feb 2012


    Let's not forget

    Apple can, and does pull offending apps on a regular basis. So if an app starts making use of this "exploit" before Apple fixes it the app will just get pulled and wiped off of people's iOS devices. As chas_m pointed out, I will take Apple's walled garden for security over "evil, thieving, promiscuous, virus-ridden Android and Google."

  1. testudo

    Joined: Dec 1969


    Re: Let's not forget

    Apple has never wiped an app off of any device. Even those that are known to, say, steal your address book.

    And if Google had the capability to wipe an app off the device, you'd be talking about big brother and you can't trust them to not just delete whatever they don't want you to have, yadda yadda yadda.

Login Here

Not a member of the MacNN forums? Register now for free.


Network Headlines

Follow us on Facebook


Most Popular


Recent Reviews

Ultimate Ears Megaboom Bluetooth Speaker

Ultimate Ears (now owned by Logitech) has found great success in the marketplace with its "Boom" series of Bluetooth speakers, a mod ...

Kinivo URBN Premium Bluetooth Headphones

We love music, and we're willing to bet that you do, too. If you're like us, you probably spend a good portion of your time wearing ...

Jamstik+ MIDI Controller

For a long time the MIDI world has been dominated by keyboard-inspired controllers. Times are changing however, and we are slowly star ...


Most Commented