PSA: Yes, apps can access and upload your Camera Roll too (but that's nothing new)

For a long time now, Apps have been able to access your Camera Roll as long as you give the app permission to access your location. The reason it needs that permission is that there may be geolocation (GPS) date included in your photos, and Apple protects that. Once you grant the location permission, however, the app has unfettered access to your photos and can do pretty much anything it wants with them, including great things like applying filters, doing edits, and sharing via social services. That's how all the popular photography apps work.

It's a non-intuitive, and frankly a little confusing way to handle Camera Roll access, but it shows Apple has thus far focused on protecting location data more than other type of data, including your photos. That means, yes, theoretically, a fake, malicious app could be created just to trick you into giving them location permission, and then they could steal your photos.

But that could happen with all sorts of content, with all sorts of malicious apps.

So is it worth pointing out? Absolutely. Is it worth sensationalizing? No, of course not.

This issue with the Camera Roll has been widely known for years. It's not new. It's just timely given the recent brouhaha over iOS apps uploading Contact information without permission. (Which was also widely known before the latest outcry.)

Apple has indicated they'll be adding Contact permission settings in a future update of iOS, perhaps even iOS 5.1 expected to be released next month alongside the iPad 3. However, there's a greater issue concerning iOS and privacy, and the manageability of privacy options that Apple still needs to address.

So, while nothing new and a tad sensational, it's good that these issues are getting attention, and that privacy is considered something platform makers like Apple need to keep in mind. Hopefully the renewed attention leads to better privacy protections for everyone.

More: 9to5Mac, New York Times

Rene Ritchie

Rene Ritchie is one of the most respected Apple analysts in the business, reaching a combined audience of over 40 million readers a month. His YouTube channel, Vector, has over 90 thousand subscribers and 14 million views and his podcasts, including Debug, have been downloaded over 20 million times. He also regularly co-hosts MacBreak Weekly for the TWiT network and co-hosted CES Live! and Talk Mobile. Based in Montreal, Rene is a former director of product marketing, web developer, and graphic designer. He's authored several books and appeared on numerous television and radio segments to discuss Apple and the technology industry. When not working, he likes to cook, grapple, and spend time with his friends and family.

  • "Is it worth sensationalizing?" ask the article about it? ;-)
  • @Glen
    Amen...seemed like an article going nowhere?...s
  • This is very serious problem. Imagine people who keep their design sketches on Apple devices, people with confidant photos etc. This problem is not tricky for users! Take a look on this comment that I found on other site:
    @cpmemories: This could be pretty serious, since anyone, even teenagers, could have naked pictures of themselves on their device(s) that are uploaded to servers without them being aware. Next thing you know the developer is in possession of child pornography.
  • Is it worth reporting on, yes. Is it something to be concerned about, you bet. Its also news worthy since way too many users hit accept on the T&C's for apps without reading. Why do users do that because the terms are confusing and intentionally long.
    Apple has prided itself as having a safe, secure and yes walled garden to insure nothing but the best gets approved. Be careful of what you claim or wish for since flaws are found and exploited and Apple has to do better.
    They should be systematically removing apps that violate the Apples terms, users should know exactly what the EULA means in plain english via the iTunes store before they purchase the app. IF the EULA changes to something the user no longer agrees to and the app is paid for they should be able to get a refund. If they do get a refund and decide to buy the app again (like the Android Market) you don't get a refund the second time around.
    It seems Apple should be doing more to protect their users even if that means they need to protect their users from themselves. Prevention is far better than the disease.
  • I am completely against this. I sometimes take pictures of sensitive information (son's social security card and insurance info, for example). I do NOT need unscrupulous app developers going through my pics and getting access to that info. They have no right to. Apple needs to get this sorted out quick. Location info is one thing, but why is it tied to my photos?
  • Because you can geotag photos they may contain location data. Apple thinks protecting your location is more important.
    Note that Android also doesn't think Photo access should require permission.
  • I enjoy you because of all your valalbue effort on this site. My daughter loves doing internet research and it is easy to understand why. Almost all hear all of the dynamic medium you make very important tips and hints by means of this web blog and therefore attract response from some others about this issue then our own child is now becoming educated a whole lot. Have fun with the rest of the year. You're the one performing a fabulous job.