Just when you thought things couldn’t get any worse when it came to developers stealing your private information, it does. The New York Times has unveiled that nefarious developers could theoretically access not only your photos, but your sexy sexting photos too, by taking advantage of location information on your iPhone, iPod touch, or iPad. One, two, three, PANIC!
According to the New York Times:[quote]As it turns out, address books are not the only things up for grabs. Photos are also vulnerable. After a user allows an application on an iPhone, iPad or iPod Touch to have access to location information, the app can copy the user’s entire photo library, without any further notification or warning, according to app developers.[/quote]
The New York Times writers had a developer create a proof of concept application for them, and they were able to have an application up and running the exploit in no time at all. Why developers are allowed to gain access to photos by having customers agree to location based services is beyond me at this point. The Current Location notification that pops up doesn’t exactly say, ‘hey, we can pilfer your photos,’ does it?
It’s probably safe to say that Apple’s App Store isn’t policed nearly as much as most of us assume it is at this point. Don’t assume anything anymore in the Facebook age of privacy violations. While Apple does require all applications to go through a vetting process, it’s becoming increasingly obvious that either the company’s app approval team is filled with clowns that have no idea what they’re doing, or Apple’s just not digging through the code as deeply as most of us assume they would when an application gets submitted. Long story short, the walled garden isn’t doing that great of a job of protecting its users’ privacy. It’s better than the competitors, but honestly, it wouldn’t take much to be a safer environment than the Android marketplace. Right? To be fair, Apple has taken some strides in preventing developers from accessing contacts without a users’ notices. Apple has gone on the record about the contact problem, stating “any app wishing to access contact data will require explicit user approval in a future software release.” There’s a chance similar changes will be coming system wide, and this photo bug could easily be fixed in a similar way in a “future software release.”
Listen, I’m as guilty as the rest when installing applications. I assume that the applications I’m installing are safe and free of privacy problems, but it’s just not turning out that way anymore. We just want to tell you that you should probably start exhibiting the same restraint you do when downloading applications from the Internet for your Mac when it comes to App Store purchases. The applications are probably bug and exploit free, but there’s always going to be one jackass out there trying to steal your information. The result? Assume everyone’s trying to steal your information, and more importantly, ask yourself why an application wants access to your location services. Err on the side of caution and don’t assume someone in a far away office has your back. Those faceless employees are human, and could easily miss something in an application during the vetting process. Just like they missed Path, and thousands of other applications violating Apple’s terms of service by uploading users’ contacts to remote servers, Apple‘s vetting team could easily miss the next major privacy exploit from developers.