AAPL Stock: 128.46 ( -1.96 )

Printed from

iOS vulnerability allows apps to grab photo, video libraries

updated 06:20 pm EST, Tue February 28, 2012

Severity of threat still uncertain

An iOS vulnerability may be allowing some apps to access a person's entire photo/video library, say developers in touch with the New York Times. The flaw emerges only once a person authorizes an app to use location information, but at that point photo/video access opens up without any extra prompting. The location pop-up does say it will allow "access to location information in photos and videos," but makes no mention of sharing the media itself.

One developer, Curio co-founder David Chen, notes that an app could potentially gather location histories and media and upload them both to a remote server. An anonymous developer reached by the Times, meanwhile, has created an unpublished test app -- "PhotoSpy" -- that successfully demonstrates the theory.

Apple has come under fire in recent weeks for a separate iOS hole allowing apps to access or upload a person's entire address book without permission. Several companies have been forced to amend the way they handle contact data, even though Apple claims that such apps are already against guidelines. The company has promised that a future firmware update will require apps to ask for contact data, but no date has been set.

by MacNN Staff





  1. testudo

    Joined: Dec 1969


    oh, wait

    I know, it isn't a 'real' vulnerability because you're warned by iOS and so you have to grant it access, so it's your own fault.

    Just like it's your fault for putting contacts into the address book. You're just begging developers to swipe that data.

  1. chas_m



    Yes, Trolltudo, you're right

    This issue IS better handled than it is on Android, where apps just take what they want without any notification whatsoever, and in fact are often "zombie" bots or virus apps.

    It's true that Apple needs to clamp down on this -- the nerve of them assuming that developers would follow guidelines! -- but at least they ARE doing something about it, unlike laissez-faire Google which is only unhappy with data-mining apps when they do a better job of it than Google itself is doing.

    I'm glad to see we completely agree that Apple isn't perfect, but is a h*** of a lot better than evil, thieving, promiscuous, virus-ridden Android and Google. Glad to see you are coming around.

    Comment buried. Show
  1. Arne_Saknussemm

    Joined: Dec 1969


    "a lot better than evil, thieving, promiscuous,...


    Apple is just plain...


  1. HostMyApple

    Joined: Dec 1969



    So now if a rogue app is going to upload all your photos to india it is going to ask for permission first. Awesome

  1. facebook_Collin

    Via Facebook

    Joined: Feb 2012


    Let's not forget

    Apple can, and does pull offending apps on a regular basis. So if an app starts making use of this "exploit" before Apple fixes it the app will just get pulled and wiped off of people's iOS devices. As chas_m pointed out, I will take Apple's walled garden for security over "evil, thieving, promiscuous, virus-ridden Android and Google."

  1. testudo

    Joined: Dec 1969


    Re: Let's not forget

    Apple has never wiped an app off of any device. Even those that are known to, say, steal your address book.

    And if Google had the capability to wipe an app off the device, you'd be talking about big brother and you can't trust them to not just delete whatever they don't want you to have, yadda yadda yadda.

Login Here

Not a member of the MacNN forums? Register now for free.


Network Headlines


Most Popular


Recent Reviews

OmniPlan (OS X, iOS)

We reviewed the Omni Group's most famous Mac software, a To Do app called OmniFocus, back in June 2014, and we were impressed. Some o ...

Epson PowerLite Home Cinema 3500 projector

Trying to find the perfect projector for a home theater can be tricky, as there are bountiful options on the market from a large numbe ...

Thecus N2310 NAS

For every computer user, there comes a point of critical mass in data storage. When it hits, external hard drives, USB sticks and DVD ...


Most Commented