Loophole in Apple?s devices leaves users? photos vulnerable

The private photos on your phone may not be as private as you think. Developers of applications for Apple?s mobile devices, along with Apple itself, came under scrutiny this month after reports that some apps were taking people?s address book information without their knowledge.

As it turns out, address books are not the only things up for grabs. Photos are also vulnerable. After a user allows an application on an iPhone, iPad or iPod Touch to have access to location information, the app can copy the user?s entire photo library, without any further notification or warning, according to app developers.

It is unclear whether any apps in Apple?s App Store are illicitly copying user photos. Although Apple?s rules do not specifically forbid photo copying, Apple says it screens all apps submitted to the store, a process that should catch nefarious behavior on the part of developers. But copying address book data was against Apple?s rules, and the company approved many popular apps that collected that information.

Apple did not respond to a request for comment.

The first time an application wants to use location data, for mapping or any other purpose, Apple?s devices ask the user for permission, noting in a pop-up message that approval ?allows access to location information in photos and videos?. When the devices save photo and video files, they typically include the coordinates of the place they were taken ? creating another potential risk.

?Conceivably, an app with access to location data could put together a history of where the user has been based on photo location,? said David E Chen, co-founder of Curio, a company that develops apps for iOS, Apple?s mobile operating system. ?The location history, as well as your photos and videos, could be uploaded to a server. Once the data is off of the iOS device, Apple has virtually no ability to monitor or limit its use.?

On Apple devices, full access to the photo library was first permitted in 2010 when Apple released the fourth version of iOS. The change was intended to make photo apps more efficient. Google declined to comment on how its Android operating system for mobile devices handles this issue.

?It?s very strange, because Apple is asking for location permission, but really what it is doing is accessing your entire photo library,? said John Casasanta, owner of the successful iPhone app development studio Tap Tap Tap, which created the Camera+ app. ?The message the user is being presented with is very, very unclear.?

The New York Times asked a developer, who asked not to be named because he worked for a popular app maker and did not want to involve his employer, to create a test application that collected photos and location information from an iPhone. When the test app, PhotoSpy, was opened, it asked for access to location data. Once this was granted, it began siphoning photos and their location data to a remote server. (The app was not submitted to the App Store.)

The knowledge that this capability exists is not new, developers say, but it was assumed that Apple would ensure that apps that inappropriately exploited it did not make it into the App Store. Based on recent revelations, phone owners cannot be sure.

As the Apple Store has grown to include more than 600,000 apps, and with Apple facing pressure from Google and Android, some worry that the company is becoming less vigilant about monitoring app developers, exposing users to unnecessary risks and shoddy apps.

This month, Apple allowed a fake 99-cent Pok?mon app into the App Store. Even though it offered only a series of Pok?mon images, it became one of the most popular paid apps before it was removed by Apple.

At Sony, portable games just got bigger

Feb 29: For decades, going back to Nintendo?s original Game Boy, playing on the go meant carrying a separate device. So a great many people never played mobile games. Now that simple games are on phones that people carry anyway, almost everyone can enjoy some sort of interactive entertainment. In this broad context, the idea that a colossus like Sony would devote itself to developing and marketing a device that is at least twice the size of a phone, blatantly endangers the pocket budget of men around the world, and is pretty much built to do one thing well ? play games ? might seem anachronistic. But that is exactly what Sony has done with the new PlayStation Vita. And that is why it?s brilliant.

The Vita is the finest mobile gaming system yet made for adults. It?s that simple. The Vita is not trying to be a phone. It is not trying to be the one-stop shop for everything your digital heart desires. It is not bloated and shackled by the weight of diffuse ambition that you might have expected from Sony.

Yes, there are traces of mission creep in the Vita?s design ? unsatisfying, unpolished elements like social networking where you can see Sony bumping up against the limits of its competence ? but in general the Vita is far more focused and polished than its predecessor, the poorly named PlayStation Portable. The PSP tried to do everything and did little well. The Vita is trying to be a great game machine for core console gamers who don?t mind adding to their pocket budget by carrying around a device in addition to their cellphones.

At that it succeeds superbly. Until now, playing a portable game meant accepting fundamental reductions in the experience, compared with playing a major console game on a big television at home. The graphics were going to be inferior. The screen itself would not appear as attractive. The Vita delivers the basic feeling of having a real game machine in your hands.