  • Stars: 1,244
  • Rank: 37,776 (Top 0.8 %)
  • Language: Objective-C
  • License: MIT License
  • Created about 7 years ago
  • Updated over 4 years ago


Repository Details

An easy way to access the user's iOS location data without actually having access

whats.the.user.doing • detect.location • watch.user • steal.password


Update 2020-06-22: Apple has fixed this issue with iOS 14.

detect.location

Twitter: @KrauseFx. License: MIT.

Does your iOS app have access to the user's image library? Do you want to know your user's movements over the last several years, including what cities they've visited, which iPhones they've owned and how they travel? Do you want all of that data in less than a second? Then this project is for you!

Download DetectLocations app

Disclaimer

detect.location is not intended to be used in production. It's a proof of concept to highlight a privacy loophole that can be abused by iOS apps. Apps shouldn't use this. The goal is to close this loophole and give its users better privacy controls for image metadata.

Screenshots:
  • Permission Dialog (screenshots/screenshot0.jpg)
  • Map of locations (screenshots/screenshot1.jpg)
  • Rendering of Route (screenshots/screenshot2.jpg)
  • Find the "fastest" photos (screenshots/screenshot3.jpg)
  • Understand the user (screenshots/screenshot4.jpg)
  • Full access to raw photos (screenshots/screenshot5.jpg)

To see all the above with your data, download the DetectLocations app from the App Store.

What can you do with detect.location?

  • Get a history of the cities, countries, and other places a user has visited, as long as they took a picture there
  • Find the user's place of work, by figuring out where they are from 9 to 5
  • Get a complete list of the user's cameras and photography devices (which iPhones, Android phones, cameras) and how long they used each device
  • Use facial recognition to find out who the user hangs out with and who their partner is. Is the user single?
  • Understand the user's background:
    • Did the user attend college? If so, which one?
    • Did the user recently move from the suburbs to the city?
    • Does the user spend a lot of time with their family?

What's detect.location?

  • The native image picker built into iOS allows app developers to access the full image library, with all its metadata
  • With the raw PHAsset object, which represents a picture or video, you also get access to the image's metadata. This includes the location and even the speed at which the user was traveling when the picture was taken.
  • In particular, an app can get the following data:
    • The exact location of each asset
    • The physical speed at which the picture/video was taken (how fast the camera was moving)
    • The camera model
    • The exact date + time
    • Other EXIF image metadata
  • With this information, you can render a route of the user's travels, into the past for as long as they've had a GPS-enabled camera (like an iPhone, other smartphone, or modern point-and-shoot)
  • You can access all of this metadata without analyzing the contents of the image at all

Proposal

There should be separate permissions for

  • Selecting a photo (e.g. you want to upload an existing picture to a social network)
  • Granting full access to the photo library (e.g. Dropbox or Google Photos to backup your complete library)

For saving a photo (e.g. a 3rd party camera app wants to save a photo you just took), a separate permission was introduced in iOS 11 to get write-only access to the photo library.

Additionally, use of the native image picker should be enforced by Apple, and apps that use a custom one should be rejected.

An alternative approach would be to have an extra permission layer to access the picture's metadata.

I've reported this as a radar, which you can dupe: rdar://34610699 👍

Complexity

The code that exposes all of the above information is fairly easy to write. I built the initial prototype in under an hour, and then spent a little more time on some visualizations to show what the data looks like.

You can look at DetectLocations/LocationPoint.m for the complete implementation of accessing all photos, but the basic implementation is simple. To access all locations:

#import <Photos/Photos.h>

// Requires the standard photo-library permission; once it is granted, every
// asset in the library can be enumerated together with its metadata.
PHFetchResult *photos = [PHAsset fetchAssetsWithMediaType:PHAssetMediaTypeImage options:nil];

for (PHAsset *asset in photos) {
    // location is a CLLocation, nil for assets without GPS data
    if ([asset location]) {
        // Access the full location, speed, full picture, camera model, etc. here
    }
}

About the demo

If an image doesn't load when you tap on a marker / table cell, this means it's a video. A video player wasn't implemented as part of the demo.

The app will not edit your photo library in any way. The iOS photos permission is smart and only grants immutable access, meaning that, in theory, the app could add new pictures but not edit or delete existing ones.

I submitted the app to the App Store, and it actually got approved on the first try; you can download the app on the App Store. I used Xcode 8 instead of Xcode 9 for this submission, so unfortunately the map clustering isn't active in this version. I've submitted a follow-up release that includes clustering as well.

Update December 2017

Erkan Yildiz pointed out that with iOS 11 the UIImagePickerController doesn't require image library access any more and runs in a separate process, meaning Apple could force apps to use the built-in image picker where it's appropriate.
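As an added example (not code from detect.location), this is what the "select a photo" side of the Proposal above looks like with the out-of-process system picker that iOS 14 introduced alongside the fix noted at the top: the app never requests photo-library authorization and never holds a PHAsset, so the per-asset location, speed and camera metadata enumerated by the snippet in the Complexity section is simply not reachable. The PhotoPickingViewController class name is assumed for illustration.

```objectivec
// Added example, not part of detect.location. Assumes a hypothetical
// PhotoPickingViewController; PHPickerViewController needs iOS 14 and PhotosUI.
#import <UIKit/UIKit.h>
#import <PhotosUI/PhotosUI.h>

@interface PhotoPickingViewController : UIViewController <PHPickerViewControllerDelegate>
@end

@implementation PhotoPickingViewController

// Present the system picker. It runs in a separate process, so no photo-library
// permission dialog is shown and the app cannot enumerate PHAssets at all.
- (void)pickSinglePhoto {
    // init (without a PHPhotoLibrary) also means results carry no assetIdentifier,
    // so the app gets no handle it could later resolve to a PHAsset.
    PHPickerConfiguration *config = [[PHPickerConfiguration alloc] init];
    config.filter = [PHPickerFilter imagesFilter];   // images only, no videos
    config.selectionLimit = 1;                       // one photo, not the library
    PHPickerViewController *picker =
        [[PHPickerViewController alloc] initWithConfiguration:config];
    picker.delegate = self;
    [self presentViewController:picker animated:YES completion:nil];
}

// The delegate receives only the item the user chose, as a UIImage (pixels,
// no EXIF block), so even that one photo's GPS data is not handed over.
- (void)picker:(PHPickerViewController *)picker
didFinishPicking:(NSArray<PHPickerResult *> *)results {
    [picker dismissViewControllerAnimated:YES completion:nil];
    PHPickerResult *result = results.firstObject;
    if (result == nil) { return; }                   // user cancelled
    NSItemProvider *provider = result.itemProvider;
    if (![provider canLoadObjectOfClass:[UIImage class]]) { return; }
    [provider loadObjectOfClass:[UIImage class]
              completionHandler:^(__kindof id<NSItemProviderReading> object, NSError *error) {
        UIImage *image = (UIImage *)object;
        if (image == nil) { return; }
        dispatch_async(dispatch_get_main_queue(), ^{
            // Display or upload the image; no library access was ever granted.
        });
    }];
}

@end
```

Loading the original file representation from the item provider instead of a UIImage would include that single chosen photo's EXIF (including any GPS tags), so prefer the image object whenever the metadata isn't needed.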

License

This project is licensed under the terms of the MIT license. See the LICENSE file.
