[kubik369]

I am surprised no top comment mentions this — on iOS, you cannot distinguish if you were granted a permission or not. As an example, if an app asks you for access to your photos, it will always get an array. The trick is that when you deny this permission, the array will be empty, so you cannot know if the user simply has an empty library or if he denied you access. I like it, simple and elegant.

Naturally, in the case of photos, you can use a heuristic, because basically everyone will have at least some pictures. However, in the case of other types of data, say, health data, it is not so clearcut.

[JimDabell]

> on iOS, you cannot distinguish if you were granted a permission or not.

This isn’t correct. For instance, accessing location services provides CLAuthorizationStatus:

https://developer.apple.com/documentation/corelocation/claut...

…and push notifications have UNAuthorizationStatus:

https://developer.apple.com/documentation/usernotifications/...

…and health data has HKAuthorizationStatus:

https://developer.apple.com/documentation/healthkit/hkauthor...

…and contacts has CNAuthorizationStatus:

https://developer.apple.com/documentation/contacts/cnauthori...

…and photos has PHAuthorizationStatus:

https://developer.apple.com/documentation/photokit/phauthori...

Photos is a special case because the user has the option of denying access, giving limited access, or giving full access. You can determine if the user has denied access, but you cannot distinguish between limited access and full access.

[epoch_100]

> but you cannot distinguish between limited access and full access

I believe you can check whether you received limited photos access: https://developer.apple.com/documentation/photokit/phauthori...

[JimDabell]

Sorry, you’re correct. I was thinking of the case where older applications receive PHAuthorizationStatus.authorized when the user has selected restricted. There are newer APIs to handle the restricted access changes.

[ciex]

I recently tried using Sony's (frustrating) Imaging Edge app to transfer photos from a camera to an iPad and gave it limited access and it refused to transfer images! When I changed the permissions to full access it worked. So there must be some difference, maybe not an obvious one.

[atorodius]

Not sure how they do that, but I’d say that on most iPhones in the wild, having the API return <25 images is probably a pretty good indicator that that’s not all pictures.

[H8crilA]

How does that work for location?

Also, an empty folder with photos is almost certainly implying lack of permissions. Very few people never took a picture.

[plagiarist]

I think they're just full-on mistaken, and it is possible for the app to distinguish between access levels: https://developer.apple.com/documentation/photokit/phauthori...

[fbdab103]

If nothing else, no photos is likely blocked permissions, but if there are no photos, contacts, location, health data, etc the sum of those parts is a very strong signal.

[didntcheck]

I suppose they could select a random location within the country/state. Even select it with population weight so that the app would struggle to infer if it was being spoofed. As with any spoofing, it would be necessary to store some state for each app, and generate locations similar to the last one (but not too similar. Random weighted walk maybe, weighted towards some randomly chosen "home" and "work" and hangout places, ideally based at actual buildings in the right districts?)

If you want to go even harder you could try to do the same with images. Generate some basic images of typical snapshot scenes with some AI model, and further postprocess the pixel data to try and give it a statistical distribution that looks like a real camera rather than AI. Add some realistic EXIF too. Doing this on demand may be quite expensive, so the phone could pre-fill a cache of fresh images during quiet hours or something

This all sounds very excessive, but I will give Apple credit and say they're one company who I could actually see going to these lengths if they decided they wanted it

[yonatan8070]

Almost certainly isn't good enough if your app has tens of thousands of users, what if someone got a new device and didn't restore a backup? I've met many people who wouldn't know how to transfer data from an old device

[jackson1442]

You can also select a subset of pictures to grant the app access to, which makes the heuristic fall apart if you properly manage it as a user.

[rappatic]

What about other permissions where you can't realistically send an empty object? For example, if the user grants permission to view location, the location object passed to the app will obviously have the pertinent information. Would the OS simply pass an empty location object and wouldn't that make it obvious that permission was denied? Or is it hidden behind some kind of error

[JimDabell]

They are wrong; you can determine whether you have permission in iOS. For location, you have CLAuthorizationStatus:

https://developer.apple.com/documentation/corelocation/claut...

In any case, the iOS location services don’t work that way. You can’t call them and get a location back due to the way the system works. It simply doesn’t have location data at times and needs to wait for it to become available. You tell the operating system you want to receive location updates and then it delivers zero or more when that information becomes available and when it becomes more accurate or changes. So if iOS needed to withhold information, it wouldn’t have to give an empty object back, it would just not deliver any location updates at all.

[macintosh-hd]

This is obviously untrue and can be seen by almost any app that asks for notification access.