MacRumors has reported that someone discovered a new iOS weakness which developers can use to upload the entire photo library. This is true, and the only thing a user has to do is to accept that an app can access location data for videos and photos. Afterwards, the developer has complete access to your library, and can do withit whatever he wants.

As a matter of fact, this is not a security problem. It could be a privacy problem, but I wouldn't be too fast in suggesting that. You'll most likely notice when someone is uploading your library to some server ( I just tried. ). What's stunning here is that people are running around, claiming to be security experts or some other blubberdiblu, while the actual mechanics to retrieve the pictures is a public API built into iOS that should be known by every so-called App Developer: the ALAssetsLibrary and friends. This API is exactly useful to do one thing: retrieve images from the internal library. Nothing new, it has been around since iOS4.

By the way, every Android App has full reading permissions to all files on the SD-Card, which is where usually photos are stored. ( According to Lars Vogel's Android tutorial on writing and reading files ).

Oh, and before I forget to mention that: Same is true for WP7, there is comparable API for accessing picture data. ( see ) .