Lax photo permissions on iOS, Android may lead to FTC investigation

By on

Just last week, the New York Times discovered that iOS apps can silently access and copy photos from a user's photo library to a remote server with little to stand in the way. As it turns out though, it's not just iOS this time -- Android apps can do it too and perhaps even more easily than their iOS counterparts. 

In light of this discovery, U.S. Senator, Chuck Schumer (NY - D), issued a statement on Sunday where he described the lack of security as "disturbing" and "potentially unfair". The senator has called on the FTC to investigate both Apple and Google. Schumer has asked specifically for a comprehensive investigation to explicitly determine whether or not copying or distributing personal information from a user's phone without their consent constitutes an unfair or deceptive trade practice.

"When someone takes a private photo, on a private cell phone, it should remain just that: private," said Schumer. "Smartphone developers have an obligation to protect the private content of their users and not allow them to be veritable treasure troves of private, personal information that can then be uploaded and distributed without the consumer’s consent."

Source: senate.gov

A couple weeks prior to this latest privacy faux pas, Apple was lambasted for allowing apps to silently access, copy and upload users' contacts to a remote server. This alarming privacy blunder was brought to light by a developer who took a very close look at Path, a popular photo-sharing app. He inadvertently discovered that Path was uploading contacts to their servers without any indications or warnings. Not surprisingly, other apps are doing it too.

As for Android, users were at least offered a warning during install time, but this rudimentary barrier isn't sufficient for most users.

Apple issued a response in the following weeks that it would resolve this issue in a future update.

The new issue is very similar to the contact list debacle, only this time it involves photos. With iOS this time, users are protected up until they allow the app access to location data services. It's unintuitive from a security standpoint, but it does provide some sort of barrier for apps that users don't completely and totally trust.

If you're an Android user though, any Internet-enabled app has full read access to your photo library and can upload your photos to a third party server without any additional warnings. Schumer believes this is a scary thing and perhaps rightfully so.

According to reports by independent technologists, two separate loopholes, one in the Apple operating system and one in the Android operating system, allow apps to gather users’ photos. In the case of Apple, if a user allows the application to use location data, which is used for GPS-based applications, they also allow access to the user’s photo and video files that can be uploaded to outside servers. In the case of Android-based applications, the user only needs to allow the application to use Internet services as part of the app for third parties to gain access to photo albums.

Although many would agree that the contents of our phones should be private, do such issues truly fall under the realm of the Federal Trade Commission?

Schumer's invocation of the FTC may actually be more for purposes of expediency than anything. Judicial determinations can take a very long time but the FTC has the power to act in relatively short amount of time. By appealing to the FTC, the senator may have lit a fire under Google and Apple, prompting them to act more quickly.

Interestingly, we see multi-national companies appeal to the FTC frequently, rather than courts, in order to resolve intellectual property disputes for this very reason.

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.