toggle

AAPL Stock: 96.24 ( + 1.52 )

Printed from http://www.macnn.com

iOS vulnerability allows apps to grab photo, video libraries

updated 06:20 pm EST, Tue February 28, 2012

Severity of threat still uncertain

An iOS vulnerability may be allowing some apps to access a person's entire photo/video library, say developers in touch with the New York Times. The flaw emerges only once a person authorizes an app to use location information, but at that point photo/video access opens up without any extra prompting. The location pop-up does say it will allow "access to location information in photos and videos," but makes no mention of sharing the media itself.

One developer, Curio co-founder David Chen, notes that an app could potentially gather location histories and media and upload them both to a remote server. An anonymous developer reached by the Times, meanwhile, has created an unpublished test app -- "PhotoSpy" -- that successfully demonstrates the theory.

Apple has come under fire in recent weeks for a separate iOS hole allowing apps to access or upload a person's entire address book without permission. Several companies have been forced to amend the way they handle contact data, even though Apple claims that such apps are already against guidelines. The company has promised that a future firmware update will require apps to ask for contact data, but no date has been set.




by MacNN Staff

POST TOOLS:

TAGS :

toggle

Comments

  1. testudo

    Joined: Dec 1969

    +4

    oh, wait

    I know, it isn't a 'real' vulnerability because you're warned by iOS and so you have to grant it access, so it's your own fault.

    Just like it's your fault for putting contacts into the address book. You're just begging developers to swipe that data.

  1. chas_m

    Moderator

    Joined: Dec 1969

    -5

    Yes, Trolltudo, you're right

    This issue IS better handled than it is on Android, where apps just take what they want without any notification whatsoever, and in fact are often "zombie" bots or virus apps.

    It's true that Apple needs to clamp down on this -- the nerve of them assuming that developers would follow guidelines! -- but at least they ARE doing something about it, unlike laissez-faire Google which is only unhappy with data-mining apps when they do a better job of it than Google itself is doing.

    I'm glad to see we completely agree that Apple isn't perfect, but is a h*** of a lot better than evil, thieving, promiscuous, virus-ridden Android and Google. Glad to see you are coming around.

    Comment buried. Show
  1. Arne_Saknussemm

    Joined: Dec 1969

    -11

    "a lot better than evil, thieving, promiscuous,...

    Yep,

    Apple is just plain...

    GREEDY!!!

  1. HostMyApple

    Joined: Dec 1969

    +11

    font-size:13px

    So now if a rogue app is going to upload all your photos to india it is going to ask for permission first. Awesome

  1. facebook_Collin

    Via Facebook

    Joined: Feb 2012

    -2

    Let's not forget

    Apple can, and does pull offending apps on a regular basis. So if an app starts making use of this "exploit" before Apple fixes it the app will just get pulled and wiped off of people's iOS devices. As chas_m pointed out, I will take Apple's walled garden for security over "evil, thieving, promiscuous, virus-ridden Android and Google."

  1. testudo

    Joined: Dec 1969

    +2

    Re: Let's not forget

    Apple has never wiped an app off of any device. Even those that are known to, say, steal your address book.

    And if Google had the capability to wipe an app off the device, you'd be talking about big brother and you can't trust them to not just delete whatever they don't want you to have, yadda yadda yadda.

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

MacNN Sponsor

Recent Reviews

D-Link Wi-Fi Smart Plug

Home automation fans have been getting their fair share of gadgets and accessories in the last few years. Starting with light bulbs, a ...

Razer Kraken Pro headset

Gaming headphones are a challenge to get right, for a long list of reasons that are unique to the consumer buying them. Some shoppers ...

Patriot Aero Wireless Mobile Drive

Regardless of how large a tablet you buy, you always want more space. There's always one more movie or another album you'd cram on, ...

toggle

Most Commented