hngopher.com

       [HN Gopher] Ask HN: Can iOS apps with access to all photos, bulk...
       ___________________________________________________________________
        
       Ask HN: Can iOS apps with access to all photos, bulk upload in the
       background?
        
       Corollary : - Can apps with full access to microphone, camera
       background activate it? Even for 5 seconds at a time.  I'm talking
       about apps like: TkTok, IG and snap.  Thanks
        
       Author : kbrannigan
       Score  : 18 points
       Date   : 2022-08-31 21:46 UTC (1 hours ago)
        
       | 0x457 wrote:
       | Upload - yes. App can upload while in background. However, there
       | is a growing delay for every subsequent upload until the user
       | opens the app again.
       | 
       | Camera - no:
       | 
       | > Camera usage is prohibited while in the background. If you
       | attempt to start running a camera while in the background, the
       | capture session sends an
       | AVCaptureSessionWasInterruptedNotification with this interruption
       | reason. If you don't explicitly call the stopRunning method, your
       | startRunning request is preserved, and when your app comes back
       | to foreground, you receive
       | AVCaptureSessionInterruptionEndedNotification and your session
       | starts running.
       | 
       | Microphone - I think it can only continue recording while in
       | background, but not start?
        
       | [deleted]
        
       | hayst4ck wrote:
       | I think what is potentially more interesting is hashing or
       | running OCR against photos slowly over time. Even scanning photo
       | metadata and collecting the geolocation of all of them seems like
       | a relatively small amount of data (the type that wouldn't trash
       | your data plan) for significant value. If you hash a photo and it
       | gets uploaded somewhere you can potentially tie a private account
       | to a public one.
       | 
       | With geolocation you could potentially find people who have taken
       | a picture on or near a military base. You could collect people
       | within commuting distance. Photos of receipts or legal documents
       | could inform you of financial statuses. With facial recognition
       | you could create a social graph.
       | 
       | You can get a lot of information just by processing the photos
       | without them ever leaving your device.
       | 
       | Timestamps and device info (including devices of friends who send
       | you photos), could potentially be weaponized against a person a
       | well.
        
       | traceroute66 wrote:
       | Camera, absolutely not.
       | 
       | Microphone, can continue recording in background, but only if
       | user explicitly started it (i.e. think a recording app, e.g.
       | dictation tool ... user presses the big red record button to
       | start). The app also needs UIBackgroundModes permission.
        
       | aetch wrote:
       | Yes
        
         | bhaney wrote:
         | A source or explanation of how you came to this conclusion
         | would be nice
        
           | hellisothers wrote:
           | Yes, I am an iOS developer and work on applications that do
           | exactly this, photo uploading (with the user's consent).
        
       | rrodriguez wrote:
       | Note that microphone and camera use shows an indicator in the
       | menu bar, even when in background:
       | 
       | https://support.apple.com/en-us/HT211876
        
         | traceroute66 wrote:
         | And it shows that for Apple stuff too, e.g. you will notice the
         | light come on briefly as it tries to do FaceID on you, for
         | example.
        
       | jeroenhd wrote:
       | You will see an indicator whenever the camera or microphone are
       | in use in modern mobile operating systems (both Android and iOS).
       | Microphone and camera access require certain conditions; I'm not
       | aware of the ones on iOS, but on Android you cannot access the
       | camera without showing a camera preview somewhere on screen, for
       | example. Generally, these types of access are only available to
       | system applications (for things like Siri/Google Assistant) and
       | foreground applications.
       | 
       | If you allow an app access to all photos and videos, then the app
       | can access all photos. This includes scanning them for (location)
       | metadata and uploading them to the cloud. If you only allow the
       | app access to a certain set of photos and videos (an option
       | available in the most recent version of iOS and Android 11+) then
       | only those videos will be available. Note that there are
       | different prompts for "access all photos" and "pick a set of
       | photos" and keep this in mind when giving an app permission.
       | 
       | My personal advice with these types of applications is to use the
       | web app wherever possible. This enforces a better sandbox around
       | the application and often offers the same functionality, though
       | at the cost of increased battery usage.
        
       | qwertyuiop_ wrote:
       | Yes and never give full access to photos. Apple is getting better
       | at by introducing selective access. It still allows the app devs
       | to ask for full or no. The default should be selective access.
        
         | browningstreet wrote:
         | That's probably a good recommendation, but it also results in
         | the most annoying and cumbersome UX.
        
       ___________________________________________________________________
       (page generated 2022-08-31 23:01 UTC)