IMO Apple should provide the user with audit logs of which photos/videos were accessed by each app. It might be a long list but it alleviates doubt and would put huge pressure on reputable developers to ensure they don’t get caught doing things the user wouldn’t have expected (even if the user technically allowed it).
AndroTux 7 hours ago [-]
I don’t understand why apps need access to my photos at all. (with some very specific exceptions,) apps should only access a photo, which I first select using the system photo picker. There’s no need for apps to access the entire camera roll just so I can select one photo to use with that app.
I know that that’s partially implemented with the limited photo access now, but it’s confusing from a UI perspective and I don’t understand why this isn’t the default.
The only apps that need full access to my camera roll, are apps like Google Photos, Nextcloud or Immich. Everyone else can suck a lemon.
kccqzy 6 hours ago [-]
The copy/paste feature is underused on iOS. These days if an app needs access to a photo, I try to determine whether the app uses the system photo picker (which doesn't need the app to have photos permission). If it doesn't I simply use the Photos app to copy a photo and then paste afterwards. A benefit is that you can strip location right from the Photos app. With third party apps like Metapho which can be invoked from the share sheet, you can even strip all metadata before copying.
Some apps like WeChat somehow insist on building on their photo picker and they get the copy/paste treatment.
const_cast 6 hours ago [-]
Apple should really had a "strip metadata" option directly in the photos picker widget. It would work well with their privacy marketing.
lights0123 4 hours ago [-]
It does, and location and captions are stripped by default using the system picker. It's the switches icon in the bottom left.
kccqzy 3 hours ago [-]
Doesn't strip all metadata, such as make/model, ISO, aperture etc.
ghostpepper 5 hours ago [-]
FWIW I have a free app installed called iVerify that mostly just reminds me when a new iOS is released but recently I noticed they added a "Strip metadata from photo" feature to the sharing tray, so you can pipe a photo through it and then copy to another app.
blululu 6 hours ago [-]
To your point there are plenty of apps that explicitly operate on the photo reel so the api/permission is needed.
Steelmanning the point: plenty of apps request photo permissions that shouldn’t need it. This is really an Apple problem though. They have their selective access option which is a patch on the problem inconvenient for the user. I have two apps that end up requesting photo permissions because basic things like saving or loading a photo require the full set of permissions. I would much rather Apple just have a widget that allows me to pipe that data in as a black box, since the pop up message is distracting and I only need the most basic capability. Instead they do some prop 65 warning where even the most basic and reasonable uses trip the warning and what’s app is allowed to scan your entire library with the same permission.
kccqzy 6 hours ago [-]
> I have two apps that end up requesting photo permissions because basic things like saving or loading a photo require the full set of permissions.
Absolutely not. Saving a photo does not need the full permissions. If an app does that, the developer is either ignorant or malicious. I see multiple apps that only have "Add Photos Only" permission including apps like Duolingo that.
Similarly the use case of allowing the user to pick one photo doesn't require any permissions at all. Just use the system photo picker. I post reviews with photos regularly on Google Maps and the Google Maps app doesn't have any photo permissions.
dgs_sgd 6 hours ago [-]
> plenty of apps request photo permissions that shouldn’t need it
True, and this could maybe be solved by better app store review.
Every app submitted to the app store is reviewed by a human for approval. The reviewers could apply more scrutiny to photo permissions and reject apps whose permissions aren't justified.
jamwil 7 hours ago [-]
iOS already has exactly the experience you describe and it clearly urges you toward sharing only specific photos.
The only feature request I have is to be able to scope app permissions to an album, since the current flow of selecting individual photos adds a lot of friction.
privatelypublic 7 hours ago [-]
Unfortunately, no. It allows you to select which photos an app has access to, and I doubt anybody uses it more than once because of how many taps it takes to include a new photo. Unless I'm missing something.
zimpenfish 6 hours ago [-]
> It allows you to select which photos an app has access to
Yeah, that's the "limited access" mode but if the app uses the system photo picker[0], the app doesn't need any photos permission to pick a photo. Blame the app developers for not updating their apps (and this has been available since 2021 - they have no excuse.)
> Apps don’t need to request photo library permission when using either class, so the sample app avoids requesting permission until it’s necessary. A camera app, photo editing app, or library browsing app needs to use much more of PhotoKit‘s functionality, but [[an app that’s only setting a basic profile photo doesn’t need photo library permission]].
The argument for the walled garden is that Apple should be taking these options away from the developer in favor of user security. Yes, blame the developer, but also blame Apple.
privatelypublic 2 hours ago [-]
Looks like zpempenfish is right- most apps are inappropriately asking for the wrong permissions.
I feel the issue here is apple not enforcing developer guidelines(unless I'm misremembering here too). However, that frequently requires people making a stink. I suspect Apple's legal team has decided not to make an issue off it because of the Epic lawsuit- where public opinion is largely against Apple... even though Apple told Epic to pound sand over issues Epic has paid the FTC _HALF A BILLION DOLLARS_ and counting... to settle. See: https://www.ftc.gov/news-events/news/press-releases/2022/12/...
And to forestall "but apple's cut." Reality check: google's policy is substantially identical, and amazon appstore's was "we'll take 30%, but give 20% back in expiring AWS credit." I'm sure ya'll will let me know of other app stores' policies.
nielsbot 2 hours ago [-]
Meta: You know, the user might accidentally pick "all photos" and then we get to hoover their photo roll up.
davzie 7 hours ago [-]
You're right, I think a better UX would have been to let me select which photos I want to use like a normal camera roll picker and to just automatically make that photo available to the app requesting it rather than me having to first go and approve which photos to make selectable and then going to select it after.
BillSaysThis 17 minutes ago [-]
I use it explicitly for Facebook
jamwil 7 hours ago [-]
That’s exactly what OP asked for. To select which photos an app has access to using the system picker so they can’t see the whole camera roll.
AndroTux 7 hours ago [-]
No. I want to select photos the app has access to now. I don’t want to readjust my selection every time I want to upload a new photo. What I want is an upload button like in the browser.
I click “add photo”, the system dialog opens, I select a photo, and then that gets sent to the app. Somehow, Apple managed to screw that up.
ks2048 2 hours ago [-]
Exactly this exists. (It’s called PHPickerViewController). It does not require permissions because the image upload process is explicitly choosing an asset.
Photo centric apps may choose more extensive APIs, but those require OS-level permissions (the user explicitly giving access)
Zanfa 6 hours ago [-]
> I click “add photo”, the system dialog opens, I select a photo, and then that gets sent to the app. Somehow, Apple managed to screw that up.
That’s exactly how it works for me in iOS at the moment.
In addition, I can see the list of photos each app has been granted access to in Settings > Privacy & Security > Photos.
nar001 6 hours ago [-]
Could what you're saying also be basically, you see your whole photos, your whole gallery but the app itself only has access to the one picture you tap on? That way for the user it looks the same as if the app had access to your whole photos, but the app actually only sees the one you select?
billti 2 hours ago [-]
That's what I do. Works great. Yes a couple of extra clicks is annoying, and apps are often "Hey how about you go into settings and let me access all your photos for a better experience!", but I'm happy with 2 or 3 extra clicks the few times a month I share a photo in order to limit access.
bee_rider 3 hours ago [-]
I use it every time. The alternative is to give Meta access to your whole photo roll, which… they will obviously abuse, whatever toggles you set, right?
It isn’t so bad, but I don’t upload much.
7 hours ago [-]
throwaway1777 7 hours ago [-]
[dead]
moi2388 7 hours ago [-]
Well, no. It keeps giving permission to the app, and it’s a lot of clicks to manage.
It shouldn’t give access at all, but use a secure clipboard implementation so that only that app can read it out exactly once.
jamwil 7 hours ago [-]
Whether you share it once or in perpetuity is of no practical consequence. They already have the photo at that point.
I agree about the clicks—the UX should be one-shot select and share with the permissions handled implicitly.
moi2388 6 hours ago [-]
It’s about permissions to read out the photo album to begin with, as well as due to it being a pain to change often leading to whole selections of photos being shared
hombre_fatal 6 hours ago [-]
No, they (and I) want it to work like the web browser file upload component where you don't need to grant permission ahead of time because it's nonsensical.
Imagine if every time you wanted to upload a file online, you first had to allow the one website to access that image first in one menu before you could select the image in the normal file upload menu. That's the UX they're complaining about.
Zanfa 6 hours ago [-]
But you don’t have to do it ahead of time. When you click add photo, you get the system picker to choose the photo and once you’ve selected what you wanna grant access to, that’s it. Literally not a single menu needs to be opened, nothing needs to be configured.
Any UX other than this is something the app developer has implemented on top. iOS works exactly like you described.
hombre_fatal 3 hours ago [-]
You're not understanding the complaint or you have Full Access turned on without realizing it.
Set an app like WhatsApp to No Access or Limited Access.
Now try to upload a photo into chat.
Instead of just presenting you with all of your photos so that you can upload one, you first have to click "Manage" -> "Select more photos" -> "Add the photo".
Now you can select that one photo for upload.
That could obviously be trimmed up into Grant + Upload in a single operation, but instead it's so clunky that people grant Full Access just to avoid it.
It doesn't make much UX sense since I want to push one image into the app one time, while priv granting is for future pull operations that don't make sense 99% of the time.
Zanfa 2 hours ago [-]
> Instead of just presenting you with all of your photos so that you can upload one, you first have to click "Manage" -> "Select more photos" -> "Add the photo".
That's not a OS limitation, this is a UX dark pattern from WhatsApp that they've purposefully added to make the UX terrible to push people into granting "Full Access".
I just tested it with both "Add Photos Only" and "Limited Access" modes with Signal and iOS does exactly what you described as the perfect UX. It's literally the following:
1) Tap Add Photo in a chat
2) System photo picker appears
3) Select which photo you want in your entire gallery (not limited to photos previously granted to Signal)
4) Photo is sent to chat
Again, this is with both non-Full Access modes. I think your beef is with Meta, not Apple.
hombre_fatal 51 minutes ago [-]
Hmm, I can confirm that Signal does work the way you describe.
It looks like there is a separate API for "Private Access to Photos" that is less common than the UX I describe (WhatsApp, Reddit, Twitter, Discord).
Maybe one thing we can agree on is that if apps have to opt-in to the API that's better for users, then we can also blame Apple.
ChrisLTD 5 hours ago [-]
Something like "allow app access to last photo" would be ideal for me
Nevermark 4 hours ago [-]
Why?
If they have access to the last photo ... every photo you ever took was the last photo. Why mess around giving app's permission to surveil/siphon off your photos at all?
Any carte blanche for apps, and apps will go to great lengths to take advantage of that in unexpected ways, and obscure the fact they are doing so.
And privacy losses can never be verifiably reversed.
All most apps need is for you to select photos to upload/import using an Apple supplied photo selector. So they only see and get exactly what you want them to have.
dd_xplore 7 hours ago [-]
Even android has it!
m463 2 hours ago [-]
I saw the canon camera app now needs full access to photos.
It used to just need to add to it.
this means - an external camera that wants to just add photos to the photo roll needs full access to all photos.
fn-mote 1 hours ago [-]
By "needs" I take it that you mean "is programmed in such a way to require" and not that the permissions are required to do the job you are asking of it?
turnsout 7 hours ago [-]
Third party photo app developer here. You're right, it's crazy that it's basically all or nothing.
Apple actually has a great API for selecting a single photo in a privacy-respecting way which does not give the developer access to the library at all. [0] But oddly, there is no corresponding API for safely saving or updating a photo in the library. So if your app involves editing a photo, you can't use this API.
The only option you're left with is to request photo library access with that scary dialog.
If the user selects the limited access option, it's not just confusing—it's a prohibitively bad user experience. If the user snaps a new photo and wants to edit it in my app, they have to tap a "Select more photos" button in my app, find the photo in the picker, close the picker, and then select the photo again in my UI.
Personally, I evaluate full access on a developer-by-developer basis. Indie app developers are highly unlikely to nefariously scan your entire photo library, as they lack any incentive or motivation to do so. So I give apps like Darkroom or Halide full access.
Meta, on the other hand, has every incentive to scan my whole library, and I assume they would. So even though it makes posting to Instagram much more painful, I selected limited photo library access for Instagram.
Apple really needs to introduce a safe way for developers to access just the photos/videos users select, and then update those assets.
This post really nails it. The fact that access to a user photo is an all or nothing game and the most basic operations require full access is a huge problem in Apple’s ecosystem. Web browsers are able to easily let a 3rd party upload a file without giving access to every single file on your computer. I’m sure there are some reasons why it is not so simple on iOS but it can be done and the current setup is really bad.
diggan 7 hours ago [-]
> I don’t understand why apps need access to my photos at all. [...] There’s no need for apps to access the entire camera roll
So apps like Google Photos or other alternatives to the Apple made Photos app just shouldn't exist at all, if I understand you correctly?
bbarnett 7 hours ago [-]
Did the parent edit their comment? Because your response seems to directly ignore multiple things they said.
diggan 7 hours ago [-]
Right now the comment says the same as when I wrote my comment:
> I don’t understand why apps need access to my photos at all [...] There’s no need for apps to access the entire camera roll [...] The only apps that need full access to my camera roll, are apps like Google Photos, Nextcloud or Immich
Which still make me ask the question: They think no apps should access all photos, there is never any need for that, and these app currently do that and they need that, so are they saying those apps shouldn't exist at all?
hdgvhicv 7 hours ago [-]
They literally say
“The only apps that need full access to my camera roll, are apps like Google Photos”
Obviously they don’t think the apps shouldn’t exist.
diggan 5 hours ago [-]
So again, how does that work when someone also feels like "There’s no need for apps to access the entire camera roll", am I having reading comprehension problems or is there something else going on here?
amanaplanacanal 5 hours ago [-]
They listed what they thought should be the exceptions to the blanket statement.
ipaddr 5 hours ago [-]
Google photos stores your photos in the cloud or constantly tries to force you to backup everything to the cloud.
So no it doesn't need permission to manage your local photos. Upload to Google and manage the photos on the cloud if you trust Google while increasing privacy for everyone else.
6 hours ago [-]
serial_dev 5 hours ago [-]
AFAIK Custom photo pickers access your pictures without (hopefully) doing anything nefarious with it. With that said, 95% of apps that do that should just not use custom file pickers.
signal11 3 hours ago [-]
iOS has had a private photo picker for a few years now, where you can pick photos from within an app without giving access to all photos.
WhatsApp doesn’t use it and Apple doesn’t hold them to account over it. So, um, yay? Apps like Signal do use it.
bee_rider 3 hours ago [-]
Do apps have the option to not use the photo picker? I thought from the app’s point of view, the photos that iOS shows it are all the photos on the filesystem.
ks2048 2 hours ago [-]
If you set the access to “Limited Access”, then that’s what the App has. It’s not a decision for WhatsApp to make - it’s in iOS.
sefrost 3 hours ago [-]
WhatsApp does appear to only have access to a subset of photos on my iPhone.
The UX is a little clunky because you have to “add” a new photo which it can then access, but I prefer the privacy of it.
giancarlostoro 6 hours ago [-]
Not just Apple, Google too. Companies having zero audit trails over files they send to their servers is why I wrote off Windows for good. I noticed Microsoft Defender may randomly send files to be inspected, but there's not audit trail of what files they've sent. This is also why on iOS I force every app to only take files I hand select, I assume malicious intent from all apps. I periodically remove files they're allowed to see back down to 0.
siva7 2 hours ago [-]
Oh I can't wait to get friend suggestions for random people from my camera roll and vice versa. Meta literally creating a social graph of all people you ever captured. Three letter agencies secretly leaching metas network cable for this extremely helpful information. At this point your camera roll can be public as well.
jameshart 2 hours ago [-]
If you only grant ‘Limited Access’ to an app to your photos you can review and modify at any time exactly which photos each app has access to.
dataflow 2 hours ago [-]
I feel like what they would try to do in such a case is to make up some excuse to scan all the photos so you don't know what they're actually doing.
kevin_thibedeau 4 hours ago [-]
They shouldn't allow apps to give themselves permissions without an OS generated confirmation dialog. Google figured this out years ago
jackdeansmith 2 hours ago [-]
They can't. You have to explicitly give apps permission to access your photo library.
7 hours ago [-]
h1fra 8 hours ago [-]
yeah they do that for location*, they should warn if an app is constantly accessing the camera roll
merelysounds 8 hours ago [-]
For what it’s worth, iOS does warn when an app has full access to the photo library for a while. E.g.:
> "WhatsApp" has been able to access your entire photo library for 6 months. Do you want to continue to allow full
access?
Yes, but it's not clear to a regular user that an app can access this camera roll without a user's input.
0xffff2 4 hours ago [-]
That just tells you that it has the permission. It doesn't give you any information about how the app is actually using the permission does it?
pimlottc 7 hours ago [-]
Do you mean prompting for permission to scan local networks? “Localization” normally refers to translating an app into another language.
h1fra 7 hours ago [-]
Sorry I meant "location", when an app is accessing gps too often, they send a notification (e.g: I get a weekly notif for foursquare)
king_geedorah 7 hours ago [-]
I believe they are referring to the icon that appears in the status bar when an application is using location services (including in the background).
isodev 5 hours ago [-]
And risk their revenue? No way. It will come as “privacy preserving on-device-blabla” something that ultimately wouldn’t really protect users, only move the problem elsewhere in the stack. Like any other “privacy” feature of iOS.
JustExAWS 3 hours ago [-]
That’s not even necessary.
On your phone, go to Settingd -> Facebook -> photos -> limited access
And you can choose which photos Facebook has access to.
When you first give an app access to your photos, you have the “Limited Access” option.
moolcool 3 hours ago [-]
I do that, but I wish I didn't have to. I have to flip through the system image picker twice every time I want to share a photo.
JustExAWS 16 minutes ago [-]
Which app do you use doesn’t let you paste an image you copy from the Photos app? All the apps I tried - Facebook, Messenger, Slack, Notion, WhatsApp and LinkedIn. There is really no need to use the picker at all.
Jyaif 7 hours ago [-]
> would put huge pressure on reputable developers
It wouldn't put any pressure on Meta
wslh 8 hours ago [-]
In the iPhone you can select which photos are accessible by apps.
noname120 7 hours ago [-]
It’s a big pain because then you have a double-picker: first pick the pictures in the native dialog asking you to decide which pictures the app should have access to, and then select again the pictures you want but this time in the WhatsApp picker. It’s very awkward.
trinix912 7 hours ago [-]
A solution would be that Apple builds a privacy preserving picker in the OS, then mandates apps use it instead of giving them access to the camera roll and letting them roll their own pickers in the first place.
SSLy 7 hours ago [-]
> A solution would be that Apple builds a privacy preserving picker in the OS
there is already one, the enforcement point is what's missing
enigmo 7 hours ago [-]
this already exists, many apps use it. I do wish it was mandatory for _all_ apps to use it instead of being optional.
MiddleEndian 1 hours ago [-]
iOS (and Android) could also replace the non-privacy-respecting one with a privacy-respecting one that just gives dummy responses to other API calls. Devices should be lying on my behalf to apps and services all the time.
merelysounds 8 hours ago [-]
Even better, the app can use the OS image picker and don’t have any other access to photos.
It won’t work for all use cases, but when it works it’s very practical. I’d love to see apps use that as the default - and request additional access only when the user’s current action actually requires it.
Ntrails 8 hours ago [-]
I locked whatsapp out of my photos and contacts years ago. If I need a pic I copy paste it in.
Yes it is friction but I simply do not trust the Zuck
znpy 7 hours ago [-]
I get your point, but there are so many more evil actors in Meta beyond “Zuck”. Reducing a company to a single person silently excuses all other awful people actively working there
pixxel 7 hours ago [-]
[dead]
RajT88 6 hours ago [-]
Modern Android has this too. I'm not sure what all distros it's in, since my Pixel 8 Pro doesn't have it, but LineageOS does and so does my cheap ass Motorola G 5G.
Razengan 6 hours ago [-]
Apple should also stop letting apps know that we have given them a limited photos or contacts list:
Telegram refuses to work if you provide it with just 1 dummy contact.
Some other clingy apps also get pouty and demand full roll access each time you try to use a photo.
What's even worse: For years, Apple has also allowed many apps including Facebook/TikTok/Tinder to use the "iCloud Keychain" API to store invisible information that tracks you across app reinstalls and EVEN DEVICE RESETS, because it's stored in your iCloud account, and there's no way for you to see what is stored or manually delete it without going through FB/etc and no way to be sure that they are indeed deleting everything.
I've ranted about that a few times but people just shrug it off like wtf (I imagine other people who abuse these APIs want to keep it buried)
ctippett 6 hours ago [-]
Have you tried viewing your iCloud keychain on macOS? I'm not sure if it's inclusive of entries made from iPhone-only apps, but there's definitely an option to view entries synced to iCloud for other things.
Razengan 6 hours ago [-]
I think I tried that a long time ago, including various tricks to see the hidden folders on the iPhone file system, but it didn't work.
Now I'm not going to install any FB-related app on my new phone to test any other ways, because I'd rather not let them mark that device too if I can help it.
jimt1234 6 minutes ago [-]
> ... it's not available in Illinois or Texas due to those states' privacy laws.
This stuck out to me. How are laws like this typically applied? My guess is it's geo-based only, right? That is, take an Illinois resident who spends 99% of her time in her home state - if she travels to California for a weekend, can Facebook (legally) grab her camera roll data during that time? And vice-versa, myself, as a CA resident who spends 99% of his time at home - if I go to Texas for the weekend, Facebook is gonna have to wait until I return home to (legally) access my camera roll?
reactordev 6 hours ago [-]
Meta isn’t just crawling your photos. If you gave it permission not just “While using the app” to anything, it’s gathering up metadata about you and sending it home. Contacts, emails, location, imei, photos, video exif, browser history if you happen to open a mini-safari view from an ad, app usage statistics, your IP address, your device information, anything they can gather - they are.
I uninstalled Facebook, Meta, MetaQuest, Instagram and deleted my accounts. I’ll never put one of their apps on my phone again.
Uninstall is indeed the only option. There is no way in hell this is the last time they do something like this, nor is it the first.
int_19h 9 minutes ago [-]
"People just submitted it. I don't know why. They 'trust me'. Dumb fucks."
reactordev 3 hours ago [-]
Some of those data brokers have no qualms with breaking cybersecurity laws either.
hungmung 2 hours ago [-]
...and it's unlikely the police or three-letter organizations would cut off one of their main sources of information by enforcing laws against them.
inetknght 5 hours ago [-]
> Facebook, Meta, MetaQuest, Instagram and deleted my accounts. I’ll never put one of their apps on my phone again.
Hope you also removed WhatsApp, a very popular chat app especially outside the USA.
reactordev 5 hours ago [-]
Yup, anything Meta backed, not on my phone.
baggachipz 3 hours ago [-]
I specifically refuse to have any Google or Meta apps on my phone. Yes, my phone is an iPhone made by Apple, but I figure I'll put all my eggs in one violator's basket. At least this violator has a financial incentive not to siphon and sell all my information.
reactordev 3 hours ago [-]
Oh but they do, however, what’s the alternative? PinePhone? LibreRola? At least I know Apple cares about encryption and keeps the keys to the kingdom behind paywalled doors.
The amount of malware installed on Android just from visiting a website is crazy.
dietr1ch 2 hours ago [-]
> The amount of malware installed on Android just from visiting a website is crazy.
What do you mean by this? Is it because of the embedded browsers that pop up before Chrome/Firefox? I thought that was your own browser in some special session (that hopefully doesn't retain state).
reactordev 2 hours ago [-]
I mean some ad, hijacking the page, before the click of some grandma registers, and volla! Now they’re on the play store about to download some “game” called royal kingdom and since they have the attention span of a gnat, they install it for a fun afternoon.
Or same hijack ad shows some bogus virus scan result, convincing grandma to click. Or drive-by download where it redirects to some infected pdf you end up downloading.
Yes, they all require a click, an install, some action. But it’s so cleverly disguised that unless you’re really diligent, someone’s going to get your credit card.
The worst are the drive-by downloads because a user doesn’t have to do anything. Once the pdf is on the phone, the phone access it, releasing the malware.
I've removed all Meta apps other than Whatsapp (and I don't love that).
I haven't had the Facebook app on my phone in well over a decade. Had Instagram for a while, I was casually active on it, but Meta just keeps convincing me not to be trusted.
Facebook mobile is a suboptimal experience, which is fine, it just reminds me to use it less.
rpgbr 7 hours ago [-]
I treat WhatsApp as a hostile app[1], which means I deny any access to my stuff even if I get a subpar experience. In places where it's required (as where I live), this is the bare minimum a privacy-minded person can do.
Yeah but other people share their contact list with WhatsApp and they have you in there, with your name and phone number and possibly more info.
I never understood why Apple allows access to the full address book including all Apple-specific settings such as "spouse" and "home address" that are useful within iOS. There should be a minimal permission mode: name and phone number only.
skylurk 8 hours ago [-]
On iOS, whatsapp is weirdly pushy about getting unlimited access to your photo album.
They also go out of their way to make it hard to save a photo without granting full access. Creepy.
agile-gift0262 5 hours ago [-]
On Android WhatsApp also requires access to all media files on the phone in order to use certain features that don't really need them, but that sound plausible.
For example, when you receive an audio message, if you want to listen to it, it will request full media access. Android apps can access media files they have created, so this permission isn't needed. But without granting media access (or tricking it into thinking it has it, like with GrapheneOS' storage scopes), WhatsApp won't let you listen to the audio. Same when trying to open an image full screen instead of just the in-chat preview.
If this were a small developer, I could assume it was done that way accidentally or to cut some corners. Coming from Meta, I can only assume malice.
GauntletWizard 1 hours ago [-]
A similar anti-pattern - WhatsApp has it's own contact list and list of users. However, you can't use it without granting the Contacts permissions. On my phone, though I have WhatsApp installed, I can't create a new chat - It just brings up the "Enable Contacts" dialogue. I can however use their web-client to initiate a chat, and when people can message me I can respond.
vladvasiliu 8 hours ago [-]
IME giving it "limited access" works well; you can save anything without issue.
What pisses me off, though, is that I didn't find a way to give a contact a name without allowing it access to the phone's contacts.
skylurk 8 hours ago [-]
Tested it, and yes, when I increase the access from "Add Photos Only" to "Limited Access" I can add photos again.
But now Whatsapp retains access to all the photos I added unless I go into settings and revoke access to those photos. Creepy.
And yeah the contacts thing also pisses me off. They know what they are doing.
vladvasiliu 6 hours ago [-]
> But now Whatsapp retains access to all the photos I added unless I go into settings and revoke access to those photos. Creepy.
I think this is good enough. If you consider they do shady stuff with your pictures, you might as well consider that they hold on to anything they get their hands on right away.
mckn1ght 4 hours ago [-]
I think you meant to say you don’t think this is good enough? And I’d second that.
gruez 8 hours ago [-]
>But now Whatsapp retains access to all the photos I added unless I go into settings and revoke access to those photos. Creepy.
Not really, given whatsapp could be theoretically keeping a local copy and the operating system can't really do anything about it. It would also be a pretty weird case to code. Imagine writing an app where if you tried to save a file, you couldn't immediately access it afterwards.
skylurk 7 hours ago [-]
> Imagine writing an app where if you tried to save a file, you couldn't immediately access it afterwards.
It works fine in other apps such as Signal and even Teams.
I don't really want Moxie or MSFT to have persistent access to any part of my personal photo album either, no matter how good they say they'll be.
ozgrakkurt 7 hours ago [-]
My solution to this is to go
Photos -> share photo -> whatsapp
Instead of starting from whatsapp
morsch 5 hours ago [-]
I just tried removing the access photos permission entirely from Whatsapp on my Android phone. Then, sharing a photo from within the Photos app pops up the permission dialog in Whatsapp. You need to give it at least the "Limited" permission, otherwise it won't process the shared photo.
Having given it that permission, I can share photos from within Whatsapp as well, without going to the Photos app. I'm not sure if the file picker that pops up is a Whatsapp component (meaning the "Limited" permission is essentially unlimited) or if it's a system component. I mean the latter would make sense, but I'm too cynical to believe it works that well.
orthogonal-wren 7 hours ago [-]
What I do is open the photos app and then either copy & paste into the whatsapp message field or use the sharing dialog to share a photo / video on whatsapp. I guess that would also work for the files app.
It’s extra steps but it’s worth it for me.
biinjo 8 hours ago [-]
I was going to proudly boast that I don’t have any Meta apps on my phone. Got rid of FB a long time ago, never jumped on the Instagram train.
Then I your post and now I realize I’m still in the Meta world. Forgot about whatsapp for a second.
lazide 8 hours ago [-]
There is a reason they paid so much for it. In a lot of the world, they’re essentially required.
Contortion 8 hours ago [-]
And next to impossible to get rid of. I would much rather use Signal but convincing even privacy-conscious people to switch is an uphill battle.
reorder9695 6 hours ago [-]
I find a lot of people (including myself) had a pretty bad experience with Signal years ago, and it has put them off using it today.
mrbombastic 8 hours ago [-]
Signal is quite good these days for what it is worth. My whole family switched and hasn’t missed whatsapp. That said I am still stuck on whatsapp, it is basically the only messaging app people use in a lot of the world and used by a ton of businesses.
tholdem 6 hours ago [-]
Maybe once the ads start showing on Whatsapp it gets easier to convince people to switch.
trinix912 1 hours ago [-]
There are ads on Viber and people aren’t convinced to switch to Whatsapp either.
7 hours ago [-]
ethagnawl 5 hours ago [-]
I just got a new phone and have been using WhatsApp via browser. It's a fight (e.g. you have to force desktop layout) and clearly something they'd prefer you didn't do but ... it's usable. Common actions like sharing photos, replying/reacting to a message, etc. all require multiple taps and futzing with the zoom level but they are possible. There are a few actions, like viewing one-time photos which are not available and the biggest problem is that you're still tethered to a device running a fully fledged version of the app. When your session expires, you're required to authenticate again by scanning a code generated by the native app. Thankfully, my old phone is still functional and this is one of the reasons I'm keeping it around. I'm considering it tainted by Meta and, since I won't be taking new photos or doing anything substantive with it, I guess that's fine.
abdullahkhalids 2 hours ago [-]
I have thought about it. I wonder if some smart person can figure out how to manipulate the CSS of the browser version so its easily usable on phones.
BLKNSLVR 6 hours ago [-]
I only have WhatsApp for communication in a club committee I'm on. I have a whole separate Android profile to maximise it's separation from anything and everything else.
ratg13 8 hours ago [-]
I gave up Samsung Galaxy entirely over this .. even ended up switching to iPhone because I couldn't find another Android I liked as much.
Every Galaxy I ever owned came with uninstallable facebook apps, despite paying over 1k for the phone.
On the last one I had, I went in and did the ritual deleting facebook, and going in the settings to disable their other background apps.
I checked the phone 8 months later, and found that they had installed even more facebook apps that were now running without my consent.
That was the end of those phones for me, and I'm amazed that I put up with it for so long.
bonoboTP 7 hours ago [-]
> came with uninstallable facebook apps
You mean ununinstallable.
SoftTalker 5 hours ago [-]
unremovable
daedric7 8 hours ago [-]
While I still have WA installed for unrelated reasons, I'm so happy for Matrix Bridges...
seanw444 4 hours ago [-]
GrapheneOS is too precious. Being able to pretend like the app has full access to my gallery, while only specifically allowing certain directories or photos, is awesome. I've actually discovered that selecting a photo in the gallery and "sharing" it to a Messenger chat skips the need for it to be in the allowed directory, so I've been doing that too. Anyone know if that's working as intended, or if it's a potential security hole?
And yes, putting Messenger on my GrapheneOS phone is dumb, but my normal people friends all use Messenger, so that's where our group chats are. Best I can do is fail to convince them to install an XMPP client and join my self-hosted server, or minimize the impact of Messenger.
knallfrosch 2 hours ago [-]
> putting Messenger on my GrapheneOS phone is dumb
Depends on your intentions. Privacy, security?
Gud 4 hours ago [-]
The people working at Meta are generally pretty tech savvy, while the general public isn't. Meta is an extremely rich company, and their employees are well compensated.
My question then is, when does this exploitative behaviour become criminal.
And if it isn't criminal, how do we make it so.
If you are working for Meta and you consider yourself a moral person, you should quit your job.
There are more important things in this world than making money. Help build a better world. You can live a comfortable life without helping Mark Zuckerberg ruin the planet.
You can even make a lot of money, if that is what you dream of.
Nevermark 4 hours ago [-]
The setting was turned on for me. And there is no way I explicitly granted access.
I don't understand why Mark Zuckerberg isn't in jail, or via a "no admission of guilt" agreement, prohibited from being a corporate executive, at this point.
My ungranted personal information should be mine, with force of law, just as much as Meta's trade secrets are theirs.
jjtheblunt 2 hours ago [-]
> I don't understand why Mark Zuckerberg isn't in jail
that made me think, how is it there are groups of political extreme protestors both anti-Trumpers and MAGA-ers, but no group protesting Zuckerberg's shenanigans in such media-covered fashion?
How is money flowing to make this our reality? i don't pretend to know
Workaccount2 7 hours ago [-]
Meta is by far the most shamelessly insensitive tech giant. They must actively seek out the most morally depraved devs, I can only imagine the people in those meetings when discussing some of these implementations must have been laughing at how devious they are.
seanw444 5 hours ago [-]
The devs get paid a fine salary, and can't afford it lose it, or they'll probably miss payments on their expensive vehicles and houses. So they do as they're told and don't complain.
kridsdale1 4 hours ago [-]
Speaking as someone who joined them before they were like this, and left when they became this, Meta attracts talent by paying 50% more than anyone else. It’s very hard to leave when you get used to it.
PhantomHour 2 hours ago [-]
"Before they were like this"
I would like to remind you that Facebook got it's start as a sex pest website.
ChrisMarshallNY 2 hours ago [-]
It sounds like this may not be happening on iOS. I have not found a way to access the Photos library, without the user being asked for explicit permission to do so.
But I also haven't really tried. I use Photos and the Camera in some of the apps I've written, and fully expect users to be asked. I ask for minimal permissions, as well.
If Meta is bypassing user permission, then that's a truly dire security breach, and Apple needs to bring down the banhammer fast.
hypersoar 7 hours ago [-]
Years ago, I installed the Facebook app on my phone. I immediately uninstalled it when I saw, horrified, that it had hoovered up all my photos and uploaded them to Facebook (there was no fine-grained storage permission at the time) "for my convenience". I never ran their app on my phone, again.
baconbrand 4 hours ago [-]
what if my library was trillions of photos of poop shaped like a face
cj 9 hours ago [-]
This should be a non-issue if you use Apple’s privacy settings to limit Facebook to only have access to the photos you want to use.
I’d highly recommend never granting any app full access to your photos.
gessha 8 hours ago [-]
Apple should improve the UI of this photo selection because it’s very cumbersome to scroll and select the same photos twice.
subarctic 5 hours ago [-]
I think they have because with chatgpt you click the photo icon and it uses the system photo picker to pick a photo. I guess Meta deliberately isn't implementing that
Clent 8 hours ago [-]
Agreed. The feature set is in desperate need of the search option both on approved photos and when attempting to approve additional photos. Very often I have to go into the photos app, find the photo, make a mental record of approximately where it is in history and scroll scroll scroll. Obnoxious and cumbersome.
jkubicek 7 hours ago [-]
What I really want is to create a special photo album for (Facebook/Instagram/Slack/etc.) and have it automatically gain access to whatever photos I put in there.
loumf 8 hours ago [-]
You should do this for apps even if you trust them.
One issue with permissions is that they apply to the entire app, including any third-party dependencies. Lots of apps use libraries given to them by advertising services -- they notoriously exploit permissions given to the app.
lloydatkinson 8 hours ago [-]
WhatsApp used to (still might) default to saving all photos from any chat to your phone. This led to some very surprising and unwanted photos being saved to my iPhone gallery. What a stupid idea.
kergonath 7 hours ago [-]
I think it’s off by default and you can activate it separately for each discussion.
const_cast 6 hours ago [-]
The problem is people have to actually do this, and it's cumbersome.
The solution is just straight up banning apps from the app store which request full photos permissions but only need a picker.
Whatsapp only needs a picker, it's not Google photos. Just make that part of the developer terms and start banning low hanging fruit and the apps will confirm in no time.
afarah1 8 hours ago [-]
Android also has limited photos access nowadays.
jcomis 6 hours ago [-]
maybe they changed it, but last time I checked I could not upload on instagram on Android with limited access. It required full access, plus camera/microphone in order to post.
abcd_f 8 hours ago [-]
That's on newer iOS versions and, by extension, on newer Apple devices only though.
rimunroe 8 hours ago [-]
Photo library permissions have been around since iOS 14. As long as you have an iPhone made in the last ten years you should be able to use it.
bigDinosaur 8 hours ago [-]
Apparently this functionality was released in iOS 14, which was supported by the iPhone 6S, released in 2015, so any phone in the past 10 years should have support for it. That seems reasonable enough.
petralithic 7 hours ago [-]
Some of these comments are interesting to read. Haven't we learned from Cambridge Analytica in 2018? Or the various other scandals over the past 20 years? I can understand normal people not caring but how people on HN still use Meta apps is beyond me.
awesan 7 hours ago [-]
By definition they are social apps, so it's not usually up to just individuals whether to use them. For example if I stopped using what's app I'd cut myself off from the majority of my friends and family.
dfxm12 4 hours ago [-]
This is probably not true. If it is, if your ties are so weak that they rely on an app, maybe it is ok to let them go and seek stronger social ties elsewhere.
frasermarlow 7 hours ago [-]
If you're not paying for it, you are the product.
dfxm12 4 hours ago [-]
Even if you are paying for it, you are still the product (I guess "a" product). Meta (or whoever) is not going to give up revenue streams just because you're giving them money too. Realistically, for consumer products like this, preventing user tracking and data collection would have to be legislated and enforced.
sub7 7 minutes ago [-]
Xiaomi's HyperOS has many flaws but one great thing it does is have an app behaviour settings page that shows what app used what permission and when.
It allows you to toggle permissions on a per app per permission basis but sadly this toggle doesn't always work.
Still useful knowing how much you get spied on.
polytely 7 hours ago [-]
Facebook seems like an exceptionally morally rotten company, which I guess just stems from Zuck being in control.
snickerbockers 28 minutes ago [-]
>might
I appreciate your objectiviy but they definitely are.
matsemann 6 hours ago [-]
A few years ago I scrolled Facebook on my phone and suddenly saw a post with a picture from my phone and my heart skipped a beat. It was not a real public post, but a suggestion from fb ala "share this pic with your followers? This is how it will look like".
Immediately removed all permissions, insane to take a photo from my camera roll and do that. Imagine if it was some nsfw picture suddenly being integrated into my feed while scrolling in public or so..
mikewarot 5 hours ago [-]
A gentle reminder to the readers here at HN that it doesn't have to be this way. Computer Security is a solved problem[1], and has been so since the 1980s[2].
It's my strong opinion that the only methods you've seen to this point[3-7] were deliberately chosen to be ones that don't work, and make things worse in the long run.
It's my hope that things will change for the better, but when I think about what group could lead that change, there's No Such Agency.
Facebook has been doing this for well over a decade. I once got a notification from the Facebook app, "Do you want to share this photo with Kim?" because Kim was just randomly in the distant background of a photo I had taken of my daughter at kindergarten drop-off. I deleted the Facebook app that day and I make a point to never give any social media app access to my photo library.
gmd63 7 hours ago [-]
Zuckerberg: Yeah so if you ever need info about anyone at Harvard
Zuckerberg: Just ask
Zuckerberg: I have over 4,000 emails, pictures, addresses, SNS
[Redacted Friend's Name]: What? How'd you manage that one?
Zuckerberg: People just submitted it.
Zuckerberg: I don't know why.
Zuckerberg: They "trust me"
Zuckerberg: Dumb fucks
Instant messages sent by Zuckerberg during Facebook's early days, reported by Business Insider (May 13, 2010)
matt_s 8 hours ago [-]
Meta can't scan my phone if I don't install Meta's apps on my phone.
A web browser on the phone removes the need for a lot of "apps".
randycupertino 7 hours ago [-]
I need whatsapp to communicate with global KOLs for work.
belinder 6 hours ago [-]
Shouldn't they be required to offer a work phone if they require you to install an app on a phone? It may depend on where you live
randycupertino 5 hours ago [-]
My company provides us with a $100 a month cell phone stipend instead of giving us phones.
const_cast 5 hours ago [-]
If you're running android I believe you can set up a work profile with its own apps. On graphene you definitely can, with its own filesystem and everything.
I wouldn't install work programs directly on my devices without some kind of sandboxing because of cases like this.
TheRoque 6 hours ago [-]
Mmmh well a few months ago there was a news that Facebook will prompt you to ask you if you are ok with your personal pictures being used for training, so it's not really surprising ?
Besides, it's meta, what do people expect seriously ?
olelele 4 hours ago [-]
My last impression of Facebook was that configuring the account settings had become more like setting up a fresh raspbian install or configuring a phone. Too many privacy intruding settings to count. I get the feeling that most people don't care enough and just leave everything on default, which is on.
I think Facebook is deeply scammy now.
I deleted my accounts a few years ago and never looked back.
markus_zhang 7 hours ago [-]
One way to deal with the current mess is to use a dumb enough phone only for banking/insurance/chat, a dumb phone for calling and texting, and a camera for photos. It’s less convenient but it’s better for privacy.
inetknght 5 hours ago [-]
> and a camera for photos. It’s less convenient but it’s better for privacy.
Hope you don't use Microsoft or Apple products to manage the photos on your Camera.
everdrive 9 hours ago [-]
I finally got around to rebuilding my pihole. My wife's phone as absolutely rife with requests for various Real-Time Bidding (RTB) domains. It was a flood of them like I really haven't seen before. I didn't do much troubleshoot, but when we looked at her phone, the Facebook app seemed like the likeliest culprit. (Facebook, after all would be the best-placed to have the user data required to actually participate in RTB.)
Once we deleted the app, the RTB requests went away for good. I've had pihole previously, and she's had the Facebook app previously, and we never seemed to have this issue. Perhaps Facebook is drudging up whatever profits it can since it's mostly cornered the population, and is potentially in decline.
pixxel 7 hours ago [-]
[dead]
de6u99er 3 hours ago [-]
I remember when Facebook hired George Hotz. The idea was to circumvent phone security and privacy settings.
A4ET8a8uTh0_v2 8 hours ago [-]
Well, the good news is: I think this finally gave me a good reason ( one she would accept that is ) to convince wife to drop FB from phone.. yay...
KaiserPro 2 hours ago [-]
For what it's worth, I don't think facebook are scanning your photos.
the biggest reason is that probably enough of a ToS violation to get them yeeted from the app store.
It looks like its using metadata to work out when to nagg you.
arnejenssen 8 hours ago [-]
Some years ago I stopped used Snapchat, because Snapchat would occasional notify me a "highlight" with a picture from my camera roll. To do that it meant that Snapchat need to have all my pictures on their server, I figured. Not what I signed up for.
Havoc 8 hours ago [-]
Better yet - use the phones built in app restrictions to block or selectively allow photo access.
When a corporate does shady shit the last thing you'd do is trust the tools they provide to limit that. That's just insane.
>"People just submitted it. I don't know why. They 'trust me'. Dumb fucks." -Mark Zuckerberg
terminalshort 7 hours ago [-]
You trust the tools because one of the few things the company can actually get in trouble for is outright lying.
amanaplanacanal 5 hours ago [-]
They might actually get fined a small amount!
emchammer 6 hours ago [-]
They’re not, and they can’t, because I don’t use Meta.
imhoguy 5 hours ago [-]
They can much more than you can imagine. I bet you have installed at least one 3-rd party app with Facebook SDK bundled in and profiling you. https://news.ycombinator.com/item?id=44763949
whalesalad 7 hours ago [-]
Is it 2012? We've known this forever.
user94wjwuid 8 hours ago [-]
this benefits few and violates the privacy of millions… can we get a some fckin privacy laws yet
greggman65 3 hours ago [-]
If you gave them permisison isn't that on you?
iOS you can
(1) Choose no permission - Then, if you want you can go to your photos in the iOS Photos app, select a few, pick "Send to App -> Facebook" when you want to give Facebook a few photos
(2) Copy and Paste photos
(3) Choose "only selected photos" - In this case, in the Facebook app, you choose to add photos, the photos you previously gave the app permission to view appear and there's a button "Select more Photos". You can pick that and select more. I use this option peronsally
(4) Choose "all photos" - I give this permission to Google Photos since I use Google Photos to make all my photos visible across all devices.
If you choose 4, that just seems on you. You told them they could access all the photos.
rootnod3 3 hours ago [-]
Meta abuses permissions when given? Shocked, I am SHOCKED I tell you.
Next up: Google scans your emails, news at 11.
kjok 8 hours ago [-]
The kind of shady practices we have seen from this company, any self-respecting individual will be ashamed except Zuck. He has done more to rot the collective brain of a generation than any single figure in tech history.
The truth is, Meta isn’t building community, it’s building a surveillance hellscape where every click, glance, and pause is commodified. If you work there and still believe you're doing something good for the world, you're either delusional or willfully blind.
7 hours ago [-]
klabb3 7 hours ago [-]
Why do apps request persistent access to camera roll at all? I don't want to manage a custom set of pictures. I want to send a picture now by selecting it.
Apps like Messenger, Telegram and WhatsApp refuse to show me the regular old photo picker. I have to enable "limited access" and select the same photos twice (first add to the set, then select for sharing). It's infuriating.
PS: The exception is media management apps, but those are extremely rare and irrelevant in the context of social media and communications apps.
greggman65 3 hours ago [-]
> Why do apps request persistent access to camera roll at all?
Some apps are specifically for backing up all your photos.
> I want to send a picture now by selecting it.
Go to your photos, select a picture, pick send to app, pick the app
shortrounddev2 7 hours ago [-]
There are hundreds of ways to secure a laptop and ensure your privacy. Why are there almost no good ways to use a smartphone in a secure and private way?
prmoustache 6 hours ago [-]
You can if you don't use a google certified rom, use primilarily a browser instead of apps and do not install the google play stuff.
fsflover 6 hours ago [-]
There's only one way to secure a laptop: use Qubes OS. It requires a lot of resources for the virtualization, and on the phone, it's not profitable for Apple and Google.
SirMaster 7 hours ago [-]
How is the app accessing my photos on iOS when I have not given the app permission to access photos? Did they really find some exploit around this? Or is this photos permission really not the only way?
dns_snek 6 hours ago [-]
It doesn't sound like they're accessing your photos without the app being granted permission to do so in iOS. It sounds like they're abusing that permission (if granted) for nefarious purposes that users didn't agree to.
So you granted Facebook permission to access your files in order to share a photo in some group 3 months ago, but now they secretly abuse that permission to scan your entire library for AI training.
SirMaster 5 hours ago [-]
I guess if I grant an app access to all my photos, then I assume they can access them all whenever, unless I revoke that access after.
flanbiscuit 7 hours ago [-]
Same question for Android.
My guess is that this only affects people who have granted FB the permission already.
toss1 6 hours ago [-]
The big tech companies are now becoming archetypal evil — directly analogous with the ancient stories of 'deals with the devil'.
The devil cannot take your soul, but if he can get you to agree to a deal... well... good luck with that.
Here, the devil gets you to agree to some nice beneficial feature like "camera sharing suggestions ... for personalized creative ideas, like travel highlights and collages" or "cloud processing" for whatever benefit. AAaand you do, and there goes all your private photos. And the devil can rightly claim "but this is a mere contract dispute and the user agreed to all of this".
The ancient tales were supposed to be warnings, not How-To guides.
And of course now, these modern devils are just flipping the "Agree" button under the software all without your actual consent.
I do not let ANY Meta property or software run on any of my devices. If only everyone did the same.
jpl56 7 hours ago [-]
1 : open the Facebook app.
Nope... I'm using a link to my Facebook homepage saved on the home screen.
I know that that’s partially implemented with the limited photo access now, but it’s confusing from a UI perspective and I don’t understand why this isn’t the default.
The only apps that need full access to my camera roll, are apps like Google Photos, Nextcloud or Immich. Everyone else can suck a lemon.
Some apps like WeChat somehow insist on building on their photo picker and they get the copy/paste treatment.
Absolutely not. Saving a photo does not need the full permissions. If an app does that, the developer is either ignorant or malicious. I see multiple apps that only have "Add Photos Only" permission including apps like Duolingo that.
Similarly the use case of allowing the user to pick one photo doesn't require any permissions at all. Just use the system photo picker. I post reviews with photos regularly on Google Maps and the Google Maps app doesn't have any photo permissions.
True, and this could maybe be solved by better app store review.
Every app submitted to the app store is reviewed by a human for approval. The reviewers could apply more scrutiny to photo permissions and reject apps whose permissions aren't justified.
The only feature request I have is to be able to scope app permissions to an album, since the current flow of selecting individual photos adds a lot of friction.
Yeah, that's the "limited access" mode but if the app uses the system photo picker[0], the app doesn't need any photos permission to pick a photo. Blame the app developers for not updating their apps (and this has been available since 2021 - they have no excuse.)
> Apps don’t need to request photo library permission when using either class, so the sample app avoids requesting permission until it’s necessary. A camera app, photo editing app, or library browsing app needs to use much more of PhotoKit‘s functionality, but [[an app that’s only setting a basic profile photo doesn’t need photo library permission]].
[0] https://developer.apple.com/documentation/photokit/selecting...
I feel the issue here is apple not enforcing developer guidelines(unless I'm misremembering here too). However, that frequently requires people making a stink. I suspect Apple's legal team has decided not to make an issue off it because of the Epic lawsuit- where public opinion is largely against Apple... even though Apple told Epic to pound sand over issues Epic has paid the FTC _HALF A BILLION DOLLARS_ and counting... to settle. See: https://www.ftc.gov/news-events/news/press-releases/2022/12/...
And to forestall "but apple's cut." Reality check: google's policy is substantially identical, and amazon appstore's was "we'll take 30%, but give 20% back in expiring AWS credit." I'm sure ya'll will let me know of other app stores' policies.
I click “add photo”, the system dialog opens, I select a photo, and then that gets sent to the app. Somehow, Apple managed to screw that up.
Photo centric apps may choose more extensive APIs, but those require OS-level permissions (the user explicitly giving access)
That’s exactly how it works for me in iOS at the moment.
In addition, I can see the list of photos each app has been granted access to in Settings > Privacy & Security > Photos.
It isn’t so bad, but I don’t upload much.
It shouldn’t give access at all, but use a secure clipboard implementation so that only that app can read it out exactly once.
I agree about the clicks—the UX should be one-shot select and share with the permissions handled implicitly.
Imagine if every time you wanted to upload a file online, you first had to allow the one website to access that image first in one menu before you could select the image in the normal file upload menu. That's the UX they're complaining about.
Any UX other than this is something the app developer has implemented on top. iOS works exactly like you described.
Set an app like WhatsApp to No Access or Limited Access.
Now try to upload a photo into chat.
Instead of just presenting you with all of your photos so that you can upload one, you first have to click "Manage" -> "Select more photos" -> "Add the photo".
Now you can select that one photo for upload.
That could obviously be trimmed up into Grant + Upload in a single operation, but instead it's so clunky that people grant Full Access just to avoid it.
It doesn't make much UX sense since I want to push one image into the app one time, while priv granting is for future pull operations that don't make sense 99% of the time.
That's not a OS limitation, this is a UX dark pattern from WhatsApp that they've purposefully added to make the UX terrible to push people into granting "Full Access".
I just tested it with both "Add Photos Only" and "Limited Access" modes with Signal and iOS does exactly what you described as the perfect UX. It's literally the following:
1) Tap Add Photo in a chat
2) System photo picker appears
3) Select which photo you want in your entire gallery (not limited to photos previously granted to Signal)
4) Photo is sent to chat
Again, this is with both non-Full Access modes. I think your beef is with Meta, not Apple.
It looks like there is a separate API for "Private Access to Photos" that is less common than the UX I describe (WhatsApp, Reddit, Twitter, Discord).
Maybe one thing we can agree on is that if apps have to opt-in to the API that's better for users, then we can also blame Apple.
If they have access to the last photo ... every photo you ever took was the last photo. Why mess around giving app's permission to surveil/siphon off your photos at all?
Any carte blanche for apps, and apps will go to great lengths to take advantage of that in unexpected ways, and obscure the fact they are doing so.
And privacy losses can never be verifiably reversed.
All most apps need is for you to select photos to upload/import using an Apple supplied photo selector. So they only see and get exactly what you want them to have.
It used to just need to add to it.
this means - an external camera that wants to just add photos to the photo roll needs full access to all photos.
Apple actually has a great API for selecting a single photo in a privacy-respecting way which does not give the developer access to the library at all. [0] But oddly, there is no corresponding API for safely saving or updating a photo in the library. So if your app involves editing a photo, you can't use this API.
The only option you're left with is to request photo library access with that scary dialog.
If the user selects the limited access option, it's not just confusing—it's a prohibitively bad user experience. If the user snaps a new photo and wants to edit it in my app, they have to tap a "Select more photos" button in my app, find the photo in the picker, close the picker, and then select the photo again in my UI.
Personally, I evaluate full access on a developer-by-developer basis. Indie app developers are highly unlikely to nefariously scan your entire photo library, as they lack any incentive or motivation to do so. So I give apps like Darkroom or Halide full access.
Meta, on the other hand, has every incentive to scan my whole library, and I assume they would. So even though it makes posting to Instagram much more painful, I selected limited photo library access for Instagram.
Apple really needs to introduce a safe way for developers to access just the photos/videos users select, and then update those assets.
[0]: https://developer.apple.com/documentation/photosui/photospic...
So apps like Google Photos or other alternatives to the Apple made Photos app just shouldn't exist at all, if I understand you correctly?
> I don’t understand why apps need access to my photos at all [...] There’s no need for apps to access the entire camera roll [...] The only apps that need full access to my camera roll, are apps like Google Photos, Nextcloud or Immich
Which still make me ask the question: They think no apps should access all photos, there is never any need for that, and these app currently do that and they need that, so are they saying those apps shouldn't exist at all?
“The only apps that need full access to my camera roll, are apps like Google Photos”
Obviously they don’t think the apps shouldn’t exist.
So no it doesn't need permission to manage your local photos. Upload to Google and manage the photos on the cloud if you trust Google while increasing privacy for everyone else.
WhatsApp doesn’t use it and Apple doesn’t hold them to account over it. So, um, yay? Apps like Signal do use it.
The UX is a little clunky because you have to “add” a new photo which it can then access, but I prefer the privacy of it.
> "WhatsApp" has been able to access your entire photo library for 6 months. Do you want to continue to allow full access?
Screenshots: https://macreports.com/app-has-been-able-to-access-your-enti...
On your phone, go to Settingd -> Facebook -> photos -> limited access
And you can choose which photos Facebook has access to.
When you first give an app access to your photos, you have the “Limited Access” option.
It wouldn't put any pressure on Meta
there is already one, the enforcement point is what's missing
It won’t work for all use cases, but when it works it’s very practical. I’d love to see apps use that as the default - and request additional access only when the user’s current action actually requires it.
Yes it is friction but I simply do not trust the Zuck
Telegram refuses to work if you provide it with just 1 dummy contact.
Some other clingy apps also get pouty and demand full roll access each time you try to use a photo.
What's even worse: For years, Apple has also allowed many apps including Facebook/TikTok/Tinder to use the "iCloud Keychain" API to store invisible information that tracks you across app reinstalls and EVEN DEVICE RESETS, because it's stored in your iCloud account, and there's no way for you to see what is stored or manually delete it without going through FB/etc and no way to be sure that they are indeed deleting everything.
I've ranted about that a few times but people just shrug it off like wtf (I imagine other people who abuse these APIs want to keep it buried)
Now I'm not going to install any FB-related app on my new phone to test any other ways, because I'd rather not let them mark that device too if I can help it.
This stuck out to me. How are laws like this typically applied? My guess is it's geo-based only, right? That is, take an Illinois resident who spends 99% of her time in her home state - if she travels to California for a weekend, can Facebook (legally) grab her camera roll data during that time? And vice-versa, myself, as a CA resident who spends 99% of his time at home - if I go to Texas for the weekend, Facebook is gonna have to wait until I return home to (legally) access my camera roll?
I uninstalled Facebook, Meta, MetaQuest, Instagram and deleted my accounts. I’ll never put one of their apps on my phone again.
Uninstall is indeed the only option. There is no way in hell this is the last time they do something like this, nor is it the first.
Hope you also removed WhatsApp, a very popular chat app especially outside the USA.
The amount of malware installed on Android just from visiting a website is crazy.
What do you mean by this? Is it because of the embedded browsers that pop up before Chrome/Firefox? I thought that was your own browser in some special session (that hopefully doesn't retain state).
Or same hijack ad shows some bogus virus scan result, convincing grandma to click. Or drive-by download where it redirects to some infected pdf you end up downloading.
Yes, they all require a click, an install, some action. But it’s so cleverly disguised that unless you’re really diligent, someone’s going to get your credit card.
The worst are the drive-by downloads because a user doesn’t have to do anything. Once the pdf is on the phone, the phone access it, releasing the malware.
"Facebook patent uses image recognition to scan your personal photos for brands" https://www.fastcompany.com/90333067/creepy-facebook-patent-...
"faulty pixels, lens scratches, other ‘camera artifacts’ and metadata within the image would be used to associate Facebook users with particular images. " https://www.imaging-resource.com/news/2015/09/18/facebook-wa...
Facebook mobile is a suboptimal experience, which is fine, it just reminds me to use it less.
[1] https://manualdousuario.net/en/a-less-affectionate-approach-...
I never understood why Apple allows access to the full address book including all Apple-specific settings such as "spouse" and "home address" that are useful within iOS. There should be a minimal permission mode: name and phone number only.
They also go out of their way to make it hard to save a photo without granting full access. Creepy.
For example, when you receive an audio message, if you want to listen to it, it will request full media access. Android apps can access media files they have created, so this permission isn't needed. But without granting media access (or tricking it into thinking it has it, like with GrapheneOS' storage scopes), WhatsApp won't let you listen to the audio. Same when trying to open an image full screen instead of just the in-chat preview.
If this were a small developer, I could assume it was done that way accidentally or to cut some corners. Coming from Meta, I can only assume malice.
What pisses me off, though, is that I didn't find a way to give a contact a name without allowing it access to the phone's contacts.
But now Whatsapp retains access to all the photos I added unless I go into settings and revoke access to those photos. Creepy.
And yeah the contacts thing also pisses me off. They know what they are doing.
I think this is good enough. If you consider they do shady stuff with your pictures, you might as well consider that they hold on to anything they get their hands on right away.
Not really, given whatsapp could be theoretically keeping a local copy and the operating system can't really do anything about it. It would also be a pretty weird case to code. Imagine writing an app where if you tried to save a file, you couldn't immediately access it afterwards.
It works fine in other apps such as Signal and even Teams.
I don't really want Moxie or MSFT to have persistent access to any part of my personal photo album either, no matter how good they say they'll be.
Photos -> share photo -> whatsapp
Instead of starting from whatsapp
Having given it that permission, I can share photos from within Whatsapp as well, without going to the Photos app. I'm not sure if the file picker that pops up is a Whatsapp component (meaning the "Limited" permission is essentially unlimited) or if it's a system component. I mean the latter would make sense, but I'm too cynical to believe it works that well.
Then I your post and now I realize I’m still in the Meta world. Forgot about whatsapp for a second.
Every Galaxy I ever owned came with uninstallable facebook apps, despite paying over 1k for the phone.
On the last one I had, I went in and did the ritual deleting facebook, and going in the settings to disable their other background apps.
I checked the phone 8 months later, and found that they had installed even more facebook apps that were now running without my consent.
That was the end of those phones for me, and I'm amazed that I put up with it for so long.
You mean ununinstallable.
And yes, putting Messenger on my GrapheneOS phone is dumb, but my normal people friends all use Messenger, so that's where our group chats are. Best I can do is fail to convince them to install an XMPP client and join my self-hosted server, or minimize the impact of Messenger.
Depends on your intentions. Privacy, security?
My question then is, when does this exploitative behaviour become criminal.
And if it isn't criminal, how do we make it so.
If you are working for Meta and you consider yourself a moral person, you should quit your job.
There are more important things in this world than making money. Help build a better world. You can live a comfortable life without helping Mark Zuckerberg ruin the planet. You can even make a lot of money, if that is what you dream of.
I don't understand why Mark Zuckerberg isn't in jail, or via a "no admission of guilt" agreement, prohibited from being a corporate executive, at this point.
My ungranted personal information should be mine, with force of law, just as much as Meta's trade secrets are theirs.
that made me think, how is it there are groups of political extreme protestors both anti-Trumpers and MAGA-ers, but no group protesting Zuckerberg's shenanigans in such media-covered fashion?
How is money flowing to make this our reality? i don't pretend to know
I would like to remind you that Facebook got it's start as a sex pest website.
But I also haven't really tried. I use Photos and the Camera in some of the apps I've written, and fully expect users to be asked. I ask for minimal permissions, as well.
If Meta is bypassing user permission, then that's a truly dire security breach, and Apple needs to bring down the banhammer fast.
I’d highly recommend never granting any app full access to your photos.
One issue with permissions is that they apply to the entire app, including any third-party dependencies. Lots of apps use libraries given to them by advertising services -- they notoriously exploit permissions given to the app.
The solution is just straight up banning apps from the app store which request full photos permissions but only need a picker.
Whatsapp only needs a picker, it's not Google photos. Just make that part of the developer terms and start banning low hanging fruit and the apps will confirm in no time.
It allows you to toggle permissions on a per app per permission basis but sadly this toggle doesn't always work.
Still useful knowing how much you get spied on.
I appreciate your objectiviy but they definitely are.
Immediately removed all permissions, insane to take a photo from my camera roll and do that. Imagine if it was some nsfw picture suddenly being integrated into my feed while scrolling in public or so..
It's my strong opinion that the only methods you've seen to this point[3-7] were deliberately chosen to be ones that don't work, and make things worse in the long run.
It's my hope that things will change for the better, but when I think about what group could lead that change, there's No Such Agency.
[1] https://en.wikipedia.org/wiki/Capability-based_security
[2] https://en.wikipedia.org/wiki/Capability-based_operating_sys...
[3] https://en.wikipedia.org/wiki/User_Account_Control
[4] https://en.wikipedia.org/wiki/AppArmor
[5] https://en.wikipedia.org/wiki/Security-Enhanced_Linux
[6] https://en.wikipedia.org/wiki/Application_permissions
[7] https://en.wikipedia.org/wiki/Trusted_Platform_Module
Zuckerberg: Just ask
Zuckerberg: I have over 4,000 emails, pictures, addresses, SNS
[Redacted Friend's Name]: What? How'd you manage that one?
Zuckerberg: People just submitted it.
Zuckerberg: I don't know why.
Zuckerberg: They "trust me"
Zuckerberg: Dumb fucks
Instant messages sent by Zuckerberg during Facebook's early days, reported by Business Insider (May 13, 2010)
A web browser on the phone removes the need for a lot of "apps".
I wouldn't install work programs directly on my devices without some kind of sandboxing because of cases like this.
I think Facebook is deeply scammy now.
I deleted my accounts a few years ago and never looked back.
Hope you don't use Microsoft or Apple products to manage the photos on your Camera.
Once we deleted the app, the RTB requests went away for good. I've had pihole previously, and she's had the Facebook app previously, and we never seemed to have this issue. Perhaps Facebook is drudging up whatever profits it can since it's mostly cornered the population, and is potentially in decline.
the biggest reason is that probably enough of a ToS violation to get them yeeted from the app store.
It looks like its using metadata to work out when to nagg you.
When a corporate does shady shit the last thing you'd do is trust the tools they provide to limit that. That's just insane.
>"People just submitted it. I don't know why. They 'trust me'. Dumb fucks." -Mark Zuckerberg
iOS you can
(1) Choose no permission - Then, if you want you can go to your photos in the iOS Photos app, select a few, pick "Send to App -> Facebook" when you want to give Facebook a few photos
(2) Copy and Paste photos
(3) Choose "only selected photos" - In this case, in the Facebook app, you choose to add photos, the photos you previously gave the app permission to view appear and there's a button "Select more Photos". You can pick that and select more. I use this option peronsally
(4) Choose "all photos" - I give this permission to Google Photos since I use Google Photos to make all my photos visible across all devices.
If you choose 4, that just seems on you. You told them they could access all the photos.
The truth is, Meta isn’t building community, it’s building a surveillance hellscape where every click, glance, and pause is commodified. If you work there and still believe you're doing something good for the world, you're either delusional or willfully blind.
Apps like Messenger, Telegram and WhatsApp refuse to show me the regular old photo picker. I have to enable "limited access" and select the same photos twice (first add to the set, then select for sharing). It's infuriating.
PS: The exception is media management apps, but those are extremely rare and irrelevant in the context of social media and communications apps.
Some apps are specifically for backing up all your photos.
> I want to send a picture now by selecting it.
Go to your photos, select a picture, pick send to app, pick the app
So you granted Facebook permission to access your files in order to share a photo in some group 3 months ago, but now they secretly abuse that permission to scan your entire library for AI training.
My guess is that this only affects people who have granted FB the permission already.
The devil cannot take your soul, but if he can get you to agree to a deal... well... good luck with that.
Here, the devil gets you to agree to some nice beneficial feature like "camera sharing suggestions ... for personalized creative ideas, like travel highlights and collages" or "cloud processing" for whatever benefit. AAaand you do, and there goes all your private photos. And the devil can rightly claim "but this is a mere contract dispute and the user agreed to all of this".
The ancient tales were supposed to be warnings, not How-To guides.
And of course now, these modern devils are just flipping the "Agree" button under the software all without your actual consent.
I do not let ANY Meta property or software run on any of my devices. If only everyone did the same.
Nope... I'm using a link to my Facebook homepage saved on the home screen.