Sorry!! The article you are trying to read is not available now.

More Trouble at the App Store

Print comment Post Comments

A couple of weeks ago, Apple (AAPL), after some Congressional agitating, changed its apps policy to make it a little bit more difficult for developers to access customer address books. Previously, apps could access contact data without explicit user permission, a feature that could potentially benefit developers -- by allowing them to, say, invite all of your friends to get Tapfish -- but did absolutely nothing for customers.

Well, while Apple’s policy change may have implied that the company had learned a lesson about unclear privacy policies and users’ ability to understand them, it looks like they haven’t. Yesterday, the NY Times Bit Blog ran a story on a loophole with its location services permission.

Basically, every time an application asks a user permission to use their location, the request includes the caveat that this also allows access to photo and video. So, if a user downloads something like Yelp or anything involving directions -- apps that are much more useful with location services on -- these apps could conceivably download all of that user’s photos.

To test this theory, the Times asked a software developer to build an app with the sole intention of siphoning photos off users’ iPhones. Once location permission was granted, the app was wildly successful.

Of course, Apple claims to screen against apps that would inappropriately use the photo collection capability. Still, after the address book issues, some users are understandably nervous.

Also, the idea of developers having access to our private photos is just creepy.

Now, it bears repeating that the location services permission does mention the fact that it allows access to photos. The Times is also quick to point out that this technology has been around for a long while. However, asking for photo permissions in a location services permission is inherently confusing and could probably be made clearer. Beyond that, if we’re honest, a large chunk of users don’t read the user agreements (their own fault but still a concern) and location services don’t work particularly hard to make things clear -- nor is the fact that photos are up for grabs mentioned in the location services settings menu.

This news comes at a pretty bad time for Apple. Tech industry privacy policies have come under increasing scrutiny over the past few months thanks to Google’s (GOOG) recent policy changes and Facebook’s pending IPO.

It remains to be seen whether or not Apple will change its location services menu or policy. Until then, remember that an app that wants to know where you are might want to know what you look like as well.
POSITION:  No positions in stocks mentioned.