A new vulnerability has been discovered in the iOS operating system, and it is now being used on Apple’s iPhone and iPad. According to the New York Times, some applications on iOS were accessing users’ phone books or contacts without the knowledge of the users. The issue was discovered by a team of Apple’s own developers and independent developers who make apps for Apple devices.
Developers have also pointed out that some applications, which when given the permission to access location data that is mostly used in geo tagging of pictures and videos, can access the complete photo and video library of users without any additional permissions.
Apple’s privacy policy though denies illegal access to any data on the devices without the user’s discretion and it is unclear as of now how applications are able to do so. However, no applications have been reported in this regard so far in the Apple iTunes store.
A dummy application was developed by an unnamed developer, which when given the permission to access location data, began accessing the photo library of the user and saving it on a remote server along with the location data of the photographs wherever available.
With the use of this exploit, developers can virtually get access to confidential images along with the location data that poses a bigger threat as there are several ways in which this data can be used, especially for spying and other malicious purposes.
In the wake of competition for the Android App store, which is growing at a tremendous pace, some developers believe that Apple has become less vigilant in screening applications before they are published on its iTunes app store.
In the month of February a fake Pokémon application that too in a paid variant was allowed and published on the app store. In a short time the application became very popular and was installed by a large number of users, but it was removed by Apple later on.