So if I download an image from the web with GPS data, and then open it in an app that just reads images (so it doesn’t need location permissions)… That app (on some phones) gets a modified version of the file?
Which could make me think that the image doesn’t have location information.
Which could result in me uploading that file using a browser (that does have location permission turned on) to a website, and I think it’s safe to share because there’s no private information in the image, but my phone has conspired to mislead me.
I’m also worried that this is why gallery apps would require GPS location just for viewing photos (and their Metadata). Once gallery app has the permission, it can track your location in real time. It’s like this should be a separate permission rather than bundled together.
I understand the motivation here — apps that lack location permission shouldn’t be able to get backdoor access to your location via your camera roll. That makes sense, because you know damn well every spyware social media company would be doing that if they could.
But the reverse is also true: apps that legitimately need to read photos and access all their metadata shouldn’t need to be granted full location access.
So if I download an image from the web with GPS data, and then open it in an app that just reads images (so it doesn’t need location permissions)… That app (on some phones) gets a modified version of the file?
Which could make me think that the image doesn’t have location information.
Which could result in me uploading that file using a browser (that does have location permission turned on) to a website, and I think it’s safe to share because there’s no private information in the image, but my phone has conspired to mislead me.
Yes, that is cursed.
I’m also worried that this is why gallery apps would require GPS location just for viewing photos (and their Metadata). Once gallery app has the permission, it can track your location in real time. It’s like this should be a separate permission rather than bundled together.
I agree completely.
I understand the motivation here — apps that lack location permission shouldn’t be able to get backdoor access to your location via your camera roll. That makes sense, because you know damn well every
spywaresocial media company would be doing that if they could.But the reverse is also true: apps that legitimately need to read photos and access all their metadata shouldn’t need to be granted full location access.
Ooh that’s a good point. Any recent image’s location would give a probabilistic location for the user.
I was thinking this as well
Yes. The System’s current location is very much a different scope than a particular asset’s location tag.
In real life I mean. They should totally be separated in terms of permissions.