[fitzroy]

The picture metadata exploit is interesting. It would be trivial to guess the user's home and work location given enough photos with EXIF data (locations and timestamps).

I'm curious how this works on iOS. Granting complete access to "Photos" always seemed overly broad. It should be possible to limit an app to only save images, and/or limit accessing images to photos from the last 3 days etc, or only the images the app has created.

Allowing an app to grab literally years of time and location information (via photo EXIF data) just to do something as simple as saving a filtered picture or opening a screenshot seems bad.

But as someone who loves metadata, I'd can't see myself disabling it altogether. Does anyone know how this works today on iOS? Can an app wholesale upload thousands of pics (or just the metadata) in the background without the user knowing?

[saagarjha]

> It should be possible to limit an app to only save images, and/or limit accessing images to photos from the last 3 days etc, or only the images the app has created.

It is, but currently this is something that apps need to use the API for rather than it being something that users can restrict.

[kalleboo]

On iOS, photo write and read access are granted separately, so you can allow an app to only save photos.

Apps can also import photos without any permissions at all by invoking the system photo picker (where the user manually has to pick the photos one by one).

[Tsiklon]

Is it the case that when the app uses the system photo picker, that the app is only ever presented with the photos the user selects? In other words, the app doesn't have direct read access to the main photo library.

[londons_explore]

Correct.

This is true on both android and iOS, but on android the 'system' photo picker is an intent which fires up the gallery/google photos and typically has a pretty bad user experience, so not many app developers use it.