The reports followed a discovery last month that some iPhone apps were secretly collecting users’ address books. But while that was a case of developers intentionally playing fast-and-loose with privacy to make their apps better, the photo snooping issue is the result of loopholes. The Times said it’s unclear whether any iPhone or Android apps are actually gathering users’ photos in secret.
Photo Snooping on iPhone vs. Android Phones
With the iPhone, the loophole is tied to the permission apps seek to use location data. When a user allows an app to “access location information in photos and videos,” the app then gains access to the user’s photo and video collections, and can then send that data off to a faraway server without telling the user.
On Android, an app only needs permission to access the Internet, which for many apps is a necessity anyway. Users see a list of permissions that an Android app needs before installation, but it’s up to the user to read those permissions to decide if they match with the app’s purpose. In this case, however, an app doesn’t need to say that it’s getting access to your photo library.
Response from Apple and Google
Apple hasn’t commented on the matter of photo snooping, but unnamed sources tell The Verge that Apple may close the loophole in a future software update.
Google, maker of the Android operating system, told the New York Times that its loophole resulted from the way some phones use microSD cards for storage. Because a user may transfer photos from one card to another, requiring permission to access photos is complicated. A user may allow access on one card, but not on another. (Funny, though, that Google’s solution is to not require permission at all.) Google says it’s considering a change in policy, especially now that more phones use built-in storage instead of microSD cards.
The Bigger Picture
Want to get really creeped out? Read 9to5Mac’s story on iPhone privacy from a few weeks ago. In it, Seth Weintraub reported that Contact information is just the tip of the iceberg, and that iOS apps also have full access to pictures, music, movies, calendars and other data. He highlights the scenarios where this could be a problem, such as a spam marketing firm whose free flashlight app gathers users’ contacts, or a government that collects users’ pictures for intelligence gathering.
But Weintraub also notes that any desktop application on your computer essentially has the same permissions. To lock everything down would mean requiring endless approvals from the user. “In other words,” he writes, “opening Facebook would take 10 minutes.”
Which brings us to a point raised by MG Siegler: At some point, you have to trust the apps you use, just like you have to trust that you won’t get mugged when you leave the house.
I see it a bit differently: You have to use the apps that you trust. Apps like Path and Instagram don’t care about the content of your photos, or what secrets lie within your address book. They just want to make their products better. But not every app is so trustworthy. If you happen upon an app with no user reviews, from a developer with no track record, maybe it’s best to stay away. You probably won’t get mugged in broad daylight, but you wouldn’t walk around a shady part of town after dark, would you?
The reports in the Times and elsewhere have shown us how smartphone apps could potentially violate privacy, but you can’t rely on companies like Apple and Google to protect you all the time. Sometimes, common sense is the best defense.
(MORE: 50 Best iPhone Apps 2012)