Nick Bilton of the New York Times reports that a loophole in iOS’s security infrastructure enables apps you have allowed to determine your current location to access all the photos on your device (presumably due to the location information stored within photos). Although there are no known instances of this capability being abused in the wild, a proof-of-concept app commissioned by the New York Times showed that it could upload photos to a remote server once it had been given location permission. Apple will likely fix this soon; in the meantime, we recommend turning off unnecessary permissions in Settings > Location Services. follow link
Disable Caps Lock
If you find yourself pressing the Caps Lock key accidentally as much as I do, note that you can disable it entirely in Mac OS X. Open the Keyboard & Mouse preference pane, click the Modifier Keys button, and in the dialog that appears, select No Action from the Caps Lock pop-up menu. You could remap it to another modifier instead, but that might make using differently configured Macs more difficult.
iOS Apps with Location Permission Can Access Your Photos
Second, in a conspiracy, there has to be some benefit to Apple, and I can't see how Apple benefits in any way from exposing users' photos to apps. Apple already has access to those photos via Photo Stream, so what possible gain could the company achieve by allowing third-party apps similar access? And it's not like Apple is known for giving developers all sorts of unfettered access.
No, this really does feel like an oversight to me.
I feel it's nit-picking to complain that the alert only mentions that your photos and videos being accessed rather than saying "location information AND PHOTOS AND VIDEOS from your photos and videos." You are giving the app access to your photo library. What do you expect it to find there? Cumquats?
Sure, we don't want apps surreptitiously uploading photos. And occasionally some problem apps of various kinds do get into the App Store, at least for a while. It's not perfect.
I think it would be a shame if every access of every app to every API required a dialog. Although it's way to early to declare it a success, the OS X concept of sandbox entitlements, where an app declares (to Apple) the shared data features its going to use (calendar apps for calendar data, photo apps for photo data), actually seems better than the "more and more dialogs" approach.
I still don't want to see more dialogs.