iOS security loophole lets apps grab user photos

iPhone | Friday February 24 2012 12:54 AM | Comments (0) Tags: , , , , , ,

iOS security loophole lets apps grab user photos

The iPhone 's camera roll, something developers can download without you knowing?

Josh Lowensohn/CNET)

An iOS security feature that lets users share information about their location can also be a conduit for those applications to surreptitiously grab user photos, according to a new report.

The New York Times’ Bits blog today details how developers can gain access to a user’s entire photo library through the same user dialog window that requests access to a user’s current location. When users click the OK button, the report says, the developer can then copy photos–complete with GPS metadata–to a remote server, without alerting users to the fact.

Before wrapping your iPhone in tinfoil and throwing it into a fire, know that Bits says it’s “unclear” if any apps that have been published to the App Store actually exhibit this behavior. Nonetheless, it adds that an unpublished test application from an unnamed iOS developer was able to successfully upload user photos using the dialog option.

Apple did not immediately respond to a request for comment.

According to Bits, the potential for this loophole opened up in 2010 with the introduction of Apple ‘s iOS 4.0 software. While the focus of that release was on bringing multitasking to Apple ‘s mobile operating… [Read more]

iOS security loophole lets apps grab user photos

No Comments »

No comments yet.

RSS feed.

Leave a comment

You must be logged in to post a comment.