Apple is under fire for yet another iOS security issue. The New York Times' Nick Bilton is reporting that a loophole in iOS allows third-party developers to access your entire photo and video library, as well as the location data attached.
Bilton had an anonymous developer set up a test app to collect photos and location info from an iPhone. Once it was granted permission to access location data, it began collecting photos and location coordinates and adding them to a remote server.
Developers have been aware of this loophole for a while, Bilton said, but it's unclear whether or not any apps are actually doing it. Apple has not spoken on the issue and did not immediately respond to questions from PCMag.
Apple faced a similar issue earlier this month with Path, when it was revealed that the iOS version of the app uploads the entire iPhone address book without user permission. Path apologized and released an update of its iPhone app that lets users opt in or opt out of contact information sharing. But the issue wasn't limited to just Path–it was discovered that many other popular apps were doing the same.
Some affected apps, including Instagram for example, reacted by adding a permissions menu regarding address book access to avoid similar scrutiny. Additionally, Twitter, which has an opt-in model, has pledged to be more transparent about how contact data is collected.
Apple responded to the Path debacle, promising that it will soon release a software updatethat requires apps to gain consent to access contact information.