I think the solution should lie with Apple as well since it's higher up the stream. Otherwise you'd need to have every app do this check - seems more efficient for Apple to just handle it.
I agree that Apple should do this. Malicious developers will exploit what they can. But this is just silly:
> Otherwise you'd need to have every app do this check
Do what check? When you ask for location data, all you have to do is say "you won't give me that? Okay." This app seems to have asked for location data, but instead said "you won't give me that? I'll go out of my way to get it anyway." There is no need for an explicit check. It is less work to do the right thing.
I meant that every app would have to do this location data stripping. It's unlikely that apps would bother to do this - more out of an oversight than maliciousness. Having Apple do this would avoid the problem of apps forgetting to implement these types of checks.
Path managed to screw up so bad last time they forced a change in the OS. A year later and they're caught again uploading some of the user's data that weren't explicitly granted access too. At least they can't scan the pictures without you choosing one in the photo picker.
At this point, I think Apple needs to pull the app and revoke their developers license.
I seriously doubt they'll do that. It's more likely some new law will be passed because of this than Apple will take such a big step.
I _want_ geotagged photos. I take tons of photos and use the timestamp+geotag to archive lots of other datestamped data according to my travels, not just photos.
I just don't want every sketch-ass third-party app that I want to post some scenery into to know exactly where I am.
Thousands of apps were using the same method for their Find Friends features, and I don't recall any instance where any of those devs were deliberately malicious in their efforts to build better features, or with users' data after the fact. Path was just one of the most popular targets for it at the time.
Totally agree with you here. In fact, would any iOS developer like to speculate as to whether an application can even determine if it's authorized to get your location? Or does it just attempt, and then get a failure?
Impossible? I don't think so. Since Path (and every other iOS app) uses a system API for things like photos it's trivial for the OS to strip the exif location data from photos if the user has turned off location data for an application, then provide that geo-less photo to the application.
Clearly Apple, like Path, never saw this issue (until now).
If I disable location data for an app, Apple shouldn't allow any form of my location to be passed to that app.