iOS security loophole lets apps grab user photos

By Lee Kaelin on February 29, 2012, 11:30 AM

A new security flaw affecting Apple’s iOS mobile platform has been revealed in a report published by the New York Times’ Bits blog, which disclosed a loophole that enables apps to grab photos in users' phones they are installed on.

The paper said that developers can gain access to a user's entire photo library using the dialog window that requests access to location information. Apparently, when the OK button is selected, the app is then able to copy the photos, complete with the GPS meta data to a remote server without the handset owner even being aware of this taking place.

Despite the worrying claims, and the fact that New York Times was able to successfully prove them with an unpublished test app from an unnamed developer, the paper admits that it is unclear whether any apps in Apple’s App Store are actually exploiting the loophole to steal users' photo libraries.

"It is unclear whether any apps in Apple’s App Store are illicitly copying user photos. Although Apple’s rules do not specifically forbid photo copying, Apple says it screens all apps submitted to the store, a process that should catch nefarious behavior on the part of developers," Nick Bilton stated.

He further added that despite the fact they screen all new apps to reduce the chance of illegal activities by developers, the Cupertino-based company did previously approve many apps that collected contact information even though it was against their own App Store guidelines. 

Bilton believes the loophole arrived with the iOS 4.0 mobile OS release in 2010, citing that the location feature was introduced in the name of efficiency alongside Apple’s major focus on improving the OS’ multitasking features.

According to sources familiar with the matter speaking to the Verge, Apple has been made aware of the issue and plans to fix the loophole in an upcoming release of iOS. The same sources also stated that being able to send photos to a third party was in fact an error, and not an intended action.

Apple has declined to comment on the loophole, or their plans to patch it in a future update.




User Comments: 9

Got something to say? Post a comment
Tygerstrike said:

Oh dear god. Yet another App issue with Apple. Dont they say that Apple has the best apps and that the app market is secure?

Guest said:

Tygerstrike

EVERY platform has vulnerabilities. Every.. single.. one. There is no such thing as a platform which fits all of the following 3 criteria:

1. Is currently without flaws.

2. Has never been flawed at any point in its lifecycle.

3. Will never BE flawed in any way.

The convergence between Windows desk & mobile environments is getting close enough that viruses can affect both equally (antivirus on your phone? Yay!).

The Android market has fake apps which ARE blatantly virus/malware in nature.. that have existed in the market for months even after they were 'known' to be malicious.

Why would apple be perfect? GPU drivers = the debil on OSX! But they arent focusing on a games market or improving FPS at decent FoV. You'd have to bootcamp into another environment to run any Triple A title just for the better GL & driver support.

I'm completely platform agnostic and go with whatever the appropriate/cheapest/simplest solution is for the given task or challenge at hand. Get over the hate and accept that Apple/Android/Windows/Linux/Samsung/Lambchop etc are just TOOLS and you have the luxury of choosing (with your wallet) which is more useful or effective at meeting your needs.

p.s. Random question failure. It asked me what company was AMDs biggest rival and then knocked me back when I answered 'Themselves'....

Guest said:

Mainframes are pretty solid. I guess when they were first developed they weren't but over 50 years of existence kinda fixed that. They may be archaic, but they're virus free!

Guest said:

Mainframes from which manufacturer? Running which platform? Which revision? :)

I know one place I have worked for hasnt patched or updated their solaris platform in 8 years for fear that it will break something. The last time they tried updating the ABE (alternate boot environment) it broke the entire cluster.

No such thing as a flawless system. Stable is good enough for 99% of the population who don't care as long as it plays Angry Birds.

gwailo247, TechSpot Chancellor, said:

Guest said:

Tygerstrike

EVERY platform has vulnerabilities. Every.. single.. one. There is no such thing as a platform which fits all of the following 3 criteria:

LOL

Only one platform says its does not have any vulnerabilities. Only. One. Apple.

Now shoo off back to your "agnostic" home filled with Apple products.

Guest said:

I dont' get it. A post which included examples of ways that oses differ that included apple counts as fanboi-ism?

Thats some srs apple hate.

Tygerstrike said:

My point was that Apple tells everyone including the ppl they have sell their product, that Apple devices are secure and the Apple Market is completly secure. I was told at an Apple store that the Apple Market screens all apps for bugs, malware, ect. It was one of the defining points in my mind for going with Apple over any of the other brands. After having members of my family suffer from identity theft, Im a bit gunshy. The fact that Apple SEEMS to keep having these security issues, makes me wonder if Apple is just telling their ppl to say that their Apps are secure just to get a sale. It wouldnt surprise me if that was the case.

Guest said:

Thats a fair call Tyger. I guess we'll have to wait and see how the proposed Microsoft stores go when they eventually open and what sort of claims they make then =P

Tygerstrike said:

Given that both Microsoft and Apple are Tech companies with not only their product but their reps on the line, It surprises me when yet another flaw is found. Im pretty sure Microsoft will also say whatever in order to get a sale. But that level of dishonesty tends to come back and bite them on the rump. I wont be purchasing another Apple product in a very long while. Apple has in general lost me as a repeat customer. I will go with a windows or android phone next and Apple can sit and spin.

Atleast warn your customers that there may be a problem with whatever.

Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.