Apple loophole may expose photos to app developers

The iPhone's camera roll, something developers can download without you knowing?
Josh Lowensohn/CNET
The iPhone's camera roll, something developers can download without you knowing?
The iPhone's camera roll, something developers can download without you knowing?
Josh Lowensohn/CNET

(CBS News) Apple is under fire again for a possible loophole that gives app developers access to personal photos of iPhone, iPod and iPad owners.

According to a report by the New York Times, once an app is installed with location services activated on an iOS device the developer has access to local files. As if that wasn't scary enough, various developers told the Times that an app could "copy the user's entire photo library, without any further notification of warning." Yikes!

Full coverage of Apple at Tech Talk

If you've been following the Apple developers' privacy saga, you're probably thinking: "Again?" App developers were recently placed under scrutiny because of their unrestricted access to users' contacts.

Apple was pressed for answers when allegations that app developers stored users' address books on their servers. App developer Path admitted they had been storing data and later deleted the information and apologized for the breach in privacy. Apple responded to the claims by saying the practice was in violation of their guidelines.

The Times admits there is no indication that any app currently available at the App Store is copying users' photos. However, the Times worked with a developer to create an app to test the theory. Their app, called PhotoSpy, was able to upload photos and location data to a remote server. That's not exactly damning evidence. PhotoSpy was not submitted to the App Store for Apple's approval, so we'll never know if Apple would have approved the app. What's scary is that the function exists.

Screen capture by Chenda Ngak

Apple was accused of tracking users' location data in 2011, when a developer Pete Warden created a program called "iPhone Tracker." Once installed, iPhone users had an eye-opening experience when they were able to see a map with their location hot spots. Apple denied it ever tracked users' locations, but later released a fix for the file that was collecting data.

Facebook denies allegations of reading users' text messages
Apple speaks out on app data-collecting controversy
Google allegedly tracked iPhone users by cheating Safari

Google was also under fire for allegations that the search engine giant was tracking iPhone users' web browsing habits by exploiting a loophole in Apple's Safari web browser. Bypassing Safari's privacy settings would allow Google to track users' browsing habits by installing browser cookies.

Facebook was also accused of monitoring Android users' text messages. While there wasn't much substance behind those allegations, it did beg the question: Why does Facebook require users of the Android app to allow read/write permissions for text messages?

Obama's "Consumer Privacy Bill of Rights" tackles online privacy concerns

With mobile privacy becoming such a hot-button issue, the Obama administration announced a Consumer Privacy Bill of Rights, which pushes for more privacy protection of personal data. The administration said it has been working on the bill for about two-years, but the announcement couldn't have had better timing.