Security flaw in iOS lets apps surreptitiously upload photos and videos

In the same way that apps can access the address book of iOS devices, it is also possible to upload location information and photos to a remote server. Apple has not yet responded to the potential privacy leak.

At the beginning of February it became known that the app Path uploaded the contents of the address book to its private servers. Other apps, such as the social-networking services Twitter and Gowalla, were also found to be guilty of these practices. Access to the address book was made possible by an ambiguous iOS message requesting access to this data: the user cannot infer from it whether the access is local or remote.

According to The New York Times, the same method also works for access to photos and videos, and for the location information stored in them. The media company asked a third-party developer to write a test application that demonstrates this functionality, which is built into the iOS SDK by default.

The PhotoSpy app asks the user on first use to grant access to location information in photos and videos. It cannot be inferred from this message that, in addition to the location information, the entire collection of photos is also disclosed to a malicious developer. The photos and videos can then be uploaded to external servers.

According to developers, the functionality has been available since iOS 4, but it was so far assumed that Apple adequately screened apps for their use of it. The New York Times therefore calls this into question. The PhotoSpy app was in any case not submitted to Apple for approval for the Apple Store. According to The New York Times, Apple would do well to offer users more informative messages.

Moritz Haarmann reports on his blog that the functionality to upload pictures and videos is made possible by the ALAssetsLibrary API and associated libraries in the iOS SDK.

According to The Verge, the possible privacy leak is a bug rather than a feature, and Apple is working on a fix, which would be included in the next iOS update.
