Comments:"Once again, Path steals your data without permission. | EEQJ"
URL:https://eeqj.com/20130201/path-privacy/
Path’s iOS app (yes, that same Path that was caught stealing users’ entire address books last February) will use the embedded EXIF tag location information from photos in the iOS Camera Roll to geotag your posts, even when you’ve explicitly disabled Location Services for the Path application. (The app knows, of course, that it’s not getting location data via normal means from Location Services, yet behaves this way even in that case.)
This is surely terrible form on Path’s part (and, after the previous contact-stealing, a pretty clear indication that they don’t give two fucks about four fucks about your personal privacy), but the real question this raises is:
Should Apple’s iOS allow applications for which Location Services are explicitly disabled to access location information embedded (by the iOS Camera app) in photos stored in the Camera Roll (when access to photos is granted)?
I think the answer here is very clearly no. If you disable location services for an app, for example, a photo-sharing app or social network, yet take a photo every day (using the Camera app) and then later use that same application (which you have not granted access to your position) to upload that photo, the OS should prohibit the application from detecting your location via the EXIF information in that photo. Otherwise, the app will still have your location on a regular basis, despite the clear opposite intent being expressed by the user (through the disabling of location services for that particular app). This seems pretty clear to me.
Last year it certainly seemed that, following their contact-stealing mess, Apple implemented per-app per-resource permissions (contacts, photos, location, etc.) very quickly – perhaps even in response to Path’s conduct. Now it’s time for them to close the loophole created by EXIF location tags in photos.
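The location data at issue is a GPSInfo pointer inside the photo's EXIF block, so anything that is handed the file bytes can see it. The following is an added example, not part of the original post and not Apple's or Path's code: it checks a JPEG for that pointer and removes the whole EXIF segment, the scrubbing one would want applied before a photo reaches an app without location permission. The sample file and all function names are constructed for illustration.

```python
import struct

GPS_IFD_TAG = 0x8825  # IFD0 tag whose value points at the GPS sub-directory

def exif_segments(jpeg):
    """Yield (start, end, tiff_bytes) for each APP1/Exif segment before image data."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF:
        marker = jpeg[pos + 1]
        if marker in (0xDA, 0xD9):  # start of scan / end of image: metadata is over
            break
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        end = pos + 2 + length      # the length field counts itself, not the marker
        payload = jpeg[pos + 4:end]
        if marker == 0xE1 and payload.startswith(b"Exif\x00\x00"):
            yield pos, end, payload[6:]
        pos = end

def has_gps_exif(jpeg):
    """True if IFD0 of any Exif block carries a GPSInfo pointer."""
    for _, _, tiff in exif_segments(jpeg):
        if len(tiff) < 8 or tiff[:2] not in (b"II", b"MM"):
            continue
        e = "<" if tiff[:2] == b"II" else ">"  # TIFF byte order
        (ifd0,) = struct.unpack(e + "I", tiff[4:8])
        if ifd0 + 2 > len(tiff):
            continue
        (count,) = struct.unpack(e + "H", tiff[ifd0:ifd0 + 2])
        for i in range(count):
            entry = tiff[ifd0 + 2 + 12 * i:ifd0 + 14 + 12 * i]
            if len(entry) == 12 and struct.unpack(e + "H", entry[:2])[0] == GPS_IFD_TAG:
                return True
    return False

def strip_exif(jpeg):
    """Return the JPEG with every APP1/Exif segment (GPS included) removed."""
    out, last = bytearray(), 0
    for start, end, _ in exif_segments(jpeg):
        out += jpeg[last:start]
        last = end
    return bytes(out + jpeg[last:])

def build_sample_jpeg():
    # Constructed sample: IFD0 holds one GPSInfo entry pointing at an empty GPS IFD.
    tiff = b"MM\x00\x2a" + struct.pack(">I", 8)
    tiff += struct.pack(">H", 1) + struct.pack(">HHII", GPS_IFD_TAG, 4, 1, 26)
    tiff += struct.pack(">I", 0) + struct.pack(">H", 0) + struct.pack(">I", 0)
    body = b"Exif\x00\x00" + tiff
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(body) + 2) + body + b"\xff\xd9"

SAMPLE = build_sample_jpeg()
```

Removing the whole EXIF segment also drops non-location fields such as orientation; a narrower scrub would rewrite only the GPS entry.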
What are your thoughts?
PS: This loophole has been reported to Apple as of today (rdar://13130249).