Working around iOS’ location services permissions
iOS has a pretty good permission system that gives the user granular control on what personal data apps can access - things like location, contacts, calendars, pictures, etc. As far as I know, these permissions are bulletproof - there are no vulnerabilities there per se.
However, there are ways in which apps can work around them and still get access to things they shouldn’t. I feel like there’s a lack of awareness about this and the current permissions UI is dangerously flawed.
Location services and photos
The native Camera app (and presumably third-party ones*) allows you to geo-tag your pictures with the location they were taken at. The idea sounds great in theory, and there isn’t much to be concerned about - your camera app is trusted, right?
The issue is, every single photo you’ve now taken has location attached which over time would give an attacker a pretty good idea of your...
Continue reading →