A loophole within iOS that allows developers to surreptitiously upload users' photos and location data without their knowledge may soon have a fix. The Verge reported on Tuesday evening that its sources said Apple is aware of the bug and is "likely planning a fix" as part of an upcoming update to iOS.
The loophole first came to light earlier this month when various sites began reporting on different aspects of the bug. A couple of weeks ago, following the Path address-book-uploading controversy, 9to5 Mac pointed out that iOS developers not only have access to your entire contacts database—they also have access to your photos, music, movies, calendars, and more with their associated geotags.
The New York Times then published its own investigation into the matter earlier this week by having an anonymous developer create an app to test the loophole. As long as the user grants permission for the app to access a particular kind of information, such as photos with location data attached, those photos can begin to be siphoned to a remote server without the user's knowledge or permission.
Apple released a statement shortly after the Path controversy saying it was planning a future software release that would force developers to ask for explicit permission before uploading user data. Since the address book behavior is the same as that with photos and other data, it indeed seems very likely that the Verge's sources are correct and upcoming fix will address all of those issues at once. In the meantime, if you're a C-level celebrity who's afraid of your photos being siphoned and mapped out by a crazed fan, do what I do: go into your Settings > Location Services and turn off location services for the Camera app. It helps—a little.
reader comments
23