iOS apps can read metadata revealing users’ location histories
In what looks like an Apple oversight, a developer has discovered that apps can access image metadata and therefore a pretty good history of iThing users’ location.
Felix Krause, founder of Fastlane.Tools, reported the issue here and explains that “If an app gets permission to access the image library, it will get full access to all image metadata also, including the exact location.
“This is a serious privacy issue, as third party camera apps that want to just store a picture the user took, will also get full access to all photos and their locations in their image library.”
It’s ridiculously easy to grab user image metadata after that:
```objective-c
PHFetchResult *photos = [PHAsset fetchAssetsWithMediaType:PHAssetMediaTypeImage options:nil];
for (PHAsset *asset in photos) {
if ([asset location]) {
// Access the full location, speed, full picture, camera model, etc. here
}
}
```
In his proof-of-concept at GitHub, Krause explains he “built the initial prototype within under an hour”.
The entire EXIF data set is available to an app with permission to access the image library, so it’s more than just a user’s location. Krause gives the following list:
Sponsored:
The Joy and Pain of Buying IT – Have Your Say
Article source: http://go.theregister.com/feed/www.theregister.co.uk/2017/09/28/ios_image_metadata_location_leaks/