IMO Apple should provide the user with audit logs of which photos/videos were accessed by each app. It might be a long list but it alleviates doubt and would put huge pressure on reputable developers to ensure they don’t get caught doing things the user wouldn’t have expected (even if the user technically allowed it).
I don’t understand why apps need access to my photos at all. (with some very specific exceptions,) apps should only access a photo, which I first select using the system photo picker. There’s no need for apps to access the entire camera roll just so I can select one photo to use with that app.
I know that that’s partially implemented with the limited photo access now, but it’s confusing from a UI perspective and I don’t understand why this isn’t the default.
The only apps that need full access to my camera roll, are apps like Google Photos, Nextcloud or Immich. Everyone else can suck a lemon.
The copy/paste feature is underused on iOS. These days if an app needs access to a photo, I try to determine whether the app uses the system photo picker (which doesn't need the app to have photos permission). If it doesn't I simply use the Photos app to copy a photo and then paste afterwards. A benefit is that you can strip location right from the Photos app. With third party apps like Metapho which can be invoked from the share sheet, you can even strip all metadata before copying.
Some apps like WeChat somehow insist on building on their photo picker and they get the copy/paste treatment.
Third party photo app developer here. You're right, it's crazy that it's basically all or nothing.
Apple actually has a great API for selecting a single photo in a privacy-respecting way which does not give the developer access to the library at all. [0] But oddly, there is no corresponding API for safely saving or updating a photo in the library. So if your app involves editing a photo, you can't use this API.
The only option you're left with is to request photo library access with that scary dialog.
If the user selects the limited access option, it's not just confusing—it's a prohibitively bad user experience. If the user snaps a new photo and wants to edit it in my app, they have to tap a "Select more photos" button in my app, find the photo in the picker, close the picker, and then select the photo again in my UI.
Personally, I evaluate full access on a developer-by-developer basis. Indie app developers are highly unlikely to nefariously scan your entire photo library, as they lack any incentive or motivation to do so. So I give apps like Darkroom or Halide full access.
Meta, on the other hand, has every incentive to scan my whole library, and I assume they would. So even though it makes posting to Instagram much more painful, I selected limited photo library access for Instagram.
Apple really needs to introduce a safe way for developers to access just the photos/videos users select, and then update those assets.
To your point there are plenty of apps that explicitly operate on the photo reel so the api/permission is needed.
Steelmanning the point: plenty of apps request photo permissions that shouldn’t need it. This is really an Apple problem though. They have their selective access option which is a patch on the problem inconvenient for the user. I have two apps that end up requesting photo permissions because basic things like saving or loading a photo require the full set of permissions. I would much rather Apple just have a widget that allows me to pipe that data in as a black box, since the pop up message is distracting and I only need the most basic capability. Instead they do some prop 65 warning where even the most basic and reasonable uses trip the warning and what’s app is allowed to scan your entire library with the same permission.
iOS already has exactly the experience you describe and it clearly urges you toward sharing only specific photos.
The only feature request I have is to be able to scope app permissions to an album, since the current flow of selecting individual photos adds a lot of friction.
Apple could easily fix this if they allowed apps to specify if they want the first square of the photo picker to be a camera icon (possibly even with a live preview background) or not. That's the #1 reason I see for apps using custom pickers. That or they're married to dogshit cross-platform toolkits.
They shouldn’t even need to access the camera roll at all in the vast majority of cases. The OS should simply pass photos and videos as an input to the app as an explicit user action; the camera roll itself should be a black box as far as the app is concerned.
AFAIK Custom photo pickers access your pictures without (hopefully) doing anything nefarious with it. With that said, 95% of apps that do that should just not use custom file pickers.
Not just Apple, Google too. Companies having zero audit trails over files they send to their servers is why I wrote off Windows for good. I noticed Microsoft Defender may randomly send files to be inspected, but there's not audit trail of what files they've sent. This is also why on iOS I force every app to only take files I hand select, I assume malicious intent from all apps. I periodically remove files they're allowed to see back down to 0.
Apple should also stop letting apps know that we have given them a limited photos or contacts list:
Telegram refuses to work if you provide it with just 1 dummy contact.
Some other clingy apps also get pouty and demand full roll access each time you try to use a photo.
What's even worse: For years, Apple has also allowed many apps including Facebook/TikTok/Tinder to use the "iCloud Keychain" API to store invisible information that tracks you across app reinstalls and EVEN DEVICE RESETS, because it's stored in your iCloud account, and there's no way for you to see what is stored or manually delete it without going through FB/etc and no way to be sure that they are indeed deleting everything.
I've ranted about that a few times but people just shrug it off like wtf (I imagine other people who abuse these APIs want to keep it buried)
Have you tried viewing your iCloud keychain on macOS? I'm not sure if it's inclusive of entries made from iPhone-only apps, but there's definitely an option to view entries synced to iCloud for other things.
Oh I can't wait to get friend suggestions for random people from my camera roll and vice versa. Meta literally creating a social graph of all people you ever captured. Three letter agencies secretly leaching metas network cable for this extremely helpful information. At this point your camera roll can be public as well.
It’s a big pain because then you have a double-picker: first pick the pictures in the native dialog asking you to decide which pictures the app should have access to, and then select again the pictures you want but this time in the WhatsApp picker. It’s very awkward.
Even better, the app can use the OS image picker and don’t have any other access to photos.
It won’t work for all use cases, but when it works it’s very practical. I’d love to see apps use that as the default - and request additional access only when the user’s current action actually requires it.
Modern Android has this too. I'm not sure what all distros it's in, since my Pixel 8 Pro doesn't have it, but LineageOS does and so does my cheap ass Motorola G 5G.
And risk their revenue? No way. It will come as “privacy preserving on-device-blabla” something that ultimately wouldn’t really protect users, only move the problem elsewhere in the stack. Like any other “privacy” feature of iOS.
The people working at Meta are generally pretty tech savvy, while the general public isn't. Meta is an extremely rich company, and their employees are well compensated.
My question then is, when does this exploitative behaviour become criminal.
And if it isn't criminal, how do we make it so.
If you are working for Meta and you consider yourself a moral person, you should quit your job.
There are more important things in this world than making money. Help build a better world. You can live a comfortable life without helping Mark Zuckerberg ruin the planet.
You can even make a lot of money, if that is what you dream of.
I was just at one of their offices in San Francisco. They have free breakfast, lunch, and dinner with choices from well over 10 whole restaurants exclusively on their campus. They have (paid) laundry service where they can just drop off their clothes and get them back later. No more Facebook barbers, however. There were people of all different backgrounds: black, white, Hispanic, Indian, etc.
They have all these amenities on top of their huge paychecks (high cost of living in San Francisco notwithstanding). Do you really think they’d give all that up in service of helping their lessers? Maybe some would, but how much of this extravagant lifestyle would they give up? Even those who identify as liberal, how much would they give up?
Meta is by far the most shamelessly insensitive tech giant. They must actively seek out the most morally depraved devs, I can only imagine the people in those meetings when discussing some of these implementations must have been laughing at how devious they are.
The devs get paid a fine salary, and can't afford it lose it, or they'll probably miss payments on their expensive vehicles and houses. So they do as they're told and don't complain.
Speaking as someone who joined them before they were like this, and left when they became this, Meta attracts talent by paying 50% more than anyone else. It’s very hard to leave when you get used to it.
The banality of evil, was the central them of Hannah Arendt thesis while working on the coverage of Eichmann trial by the Hebrew state of Israel. I doubt people attempt to join Facebook to apply their devious nature, more like that FB is paying handsomely to not think too hard about the goal of the organisation and the means to reach those goals.
Agreed. The feature set is in desperate need of the search option both on approved photos and when attempting to approve additional photos. Very often I have to go into the photos app, find the photo, make a mental record of approximately where it is in history and scroll scroll scroll. Obnoxious and cumbersome.
I think they have because with chatgpt you click the photo icon and it uses the system photo picker to pick a photo. I guess Meta deliberately isn't implementing that
You should do this for apps even if you trust them.
One issue with permissions is that they apply to the entire app, including any third-party dependencies. Lots of apps use libraries given to them by advertising services -- they notoriously exploit permissions given to the app.
WhatsApp used to (still might) default to saving all photos from any chat to your phone. This led to some very surprising and unwanted photos being saved to my iPhone gallery. What a stupid idea.
The problem is people have to actually do this, and it's cumbersome.
The solution is just straight up banning apps from the app store which request full photos permissions but only need a picker.
Whatsapp only needs a picker, it's not Google photos. Just make that part of the developer terms and start banning low hanging fruit and the apps will confirm in no time.
maybe they changed it, but last time I checked I could not upload on instagram on Android with limited access. It required full access, plus camera/microphone in order to post.
Apparently this functionality was released in iOS 14, which was supported by the iPhone 6S, released in 2015, so any phone in the past 10 years should have support for it. That seems reasonable enough.
Years ago, I installed the Facebook app on my phone. I immediately uninstalled it when I saw, horrified, that it had hoovered up all my photos and uploaded them to Facebook (there was no fine-grained storage permission at the time) "for my convenience". I never ran their app on my phone, again.
Meta isn’t just crawling your photos. If you gave it permission not just “While using the app” to anything, it’s gathering up metadata about you and sending it home. Contacts, emails, location, imei, photos, video exif, browser history if you happen to open a mini-safari view from an ad, app usage statistics, your IP address, your device information, anything they can gather - they are.
I uninstalled Facebook, Meta, MetaQuest, Instagram and deleted my accounts. I’ll never put one of their apps on my phone again.
Some of these comments are interesting to read. Haven't we learned from Cambridge Analytica in 2018? Or the various other scandals over the past 20 years? I can understand normal people not caring but how people on HN still use Meta apps is beyond me.
By definition they are social apps, so it's not usually up to just individuals whether to use them. For example if I stopped using what's app I'd cut myself off from the majority of my friends and family.
This is probably not true. If it is, if your ties are so weak that they rely on an app, maybe it is ok to let them go and seek stronger social ties elsewhere.
Even if you are paying for it, you are still the product (I guess "a" product). Meta (or whoever) is not going to give up revenue streams just because you're giving them money too. Realistically, for consumer products like this, preventing user tracking and data collection would have to be legislated and enforced.
Readit News
I know that that’s partially implemented with the limited photo access now, but it’s confusing from a UI perspective and I don’t understand why this isn’t the default.
The only apps that need full access to my camera roll, are apps like Google Photos, Nextcloud or Immich. Everyone else can suck a lemon.
Some apps like WeChat somehow insist on building on their photo picker and they get the copy/paste treatment.
Apple actually has a great API for selecting a single photo in a privacy-respecting way which does not give the developer access to the library at all. [0] But oddly, there is no corresponding API for safely saving or updating a photo in the library. So if your app involves editing a photo, you can't use this API.
The only option you're left with is to request photo library access with that scary dialog.
If the user selects the limited access option, it's not just confusing—it's a prohibitively bad user experience. If the user snaps a new photo and wants to edit it in my app, they have to tap a "Select more photos" button in my app, find the photo in the picker, close the picker, and then select the photo again in my UI.
Personally, I evaluate full access on a developer-by-developer basis. Indie app developers are highly unlikely to nefariously scan your entire photo library, as they lack any incentive or motivation to do so. So I give apps like Darkroom or Halide full access.
Meta, on the other hand, has every incentive to scan my whole library, and I assume they would. So even though it makes posting to Instagram much more painful, I selected limited photo library access for Instagram.
Apple really needs to introduce a safe way for developers to access just the photos/videos users select, and then update those assets.
[0]: https://developer.apple.com/documentation/photosui/photospic...
The only feature request I have is to be able to scope app permissions to an album, since the current flow of selecting individual photos adds a lot of friction.
It used to just need to add to it.
this means - an external camera that wants to just add photos to the photo roll needs full access to all photos.
So apps like Google Photos or other alternatives to the Apple made Photos app just shouldn't exist at all, if I understand you correctly?
WhatsApp doesn’t use it and Apple doesn’t hold them to account over it. So, um, yay? Apps like Signal do use it.
Telegram refuses to work if you provide it with just 1 dummy contact.
Some other clingy apps also get pouty and demand full roll access each time you try to use a photo.
What's even worse: For years, Apple has also allowed many apps including Facebook/TikTok/Tinder to use the "iCloud Keychain" API to store invisible information that tracks you across app reinstalls and EVEN DEVICE RESETS, because it's stored in your iCloud account, and there's no way for you to see what is stored or manually delete it without going through FB/etc and no way to be sure that they are indeed deleting everything.
I've ranted about that a few times but people just shrug it off like wtf (I imagine other people who abuse these APIs want to keep it buried)
> "WhatsApp" has been able to access your entire photo library for 6 months. Do you want to continue to allow full access?
Screenshots: https://macreports.com/app-has-been-able-to-access-your-enti...
Deleted Comment
It wouldn't put any pressure on Meta
On your phone, go to Settingd -> Facebook -> photos -> limited access
And you can choose which photos Facebook has access to.
When you first give an app access to your photos, you have the “Limited Access” option.
It won’t work for all use cases, but when it works it’s very practical. I’d love to see apps use that as the default - and request additional access only when the user’s current action actually requires it.
Yes it is friction but I simply do not trust the Zuck
"Facebook patent uses image recognition to scan your personal photos for brands" https://www.fastcompany.com/90333067/creepy-facebook-patent-...
"faulty pixels, lens scratches, other ‘camera artifacts’ and metadata within the image would be used to associate Facebook users with particular images. " https://www.imaging-resource.com/news/2015/09/18/facebook-wa...
My question then is, when does this exploitative behaviour become criminal.
And if it isn't criminal, how do we make it so.
If you are working for Meta and you consider yourself a moral person, you should quit your job.
There are more important things in this world than making money. Help build a better world. You can live a comfortable life without helping Mark Zuckerberg ruin the planet. You can even make a lot of money, if that is what you dream of.
They have all these amenities on top of their huge paychecks (high cost of living in San Francisco notwithstanding). Do you really think they’d give all that up in service of helping their lessers? Maybe some would, but how much of this extravagant lifestyle would they give up? Even those who identify as liberal, how much would they give up?
I would like to remind you that Facebook got it's start as a sex pest website.
I’d highly recommend never granting any app full access to your photos.
One issue with permissions is that they apply to the entire app, including any third-party dependencies. Lots of apps use libraries given to them by advertising services -- they notoriously exploit permissions given to the app.
The solution is just straight up banning apps from the app store which request full photos permissions but only need a picker.
Whatsapp only needs a picker, it's not Google photos. Just make that part of the developer terms and start banning low hanging fruit and the apps will confirm in no time.
I uninstalled Facebook, Meta, MetaQuest, Instagram and deleted my accounts. I’ll never put one of their apps on my phone again.
Uninstall is indeed the only option. There is no way in hell this is the last time they do something like this, nor is it the first.
Hope you also removed WhatsApp, a very popular chat app especially outside the USA.