User Privacy for Photo Library Access with UIImagePickerController

Question

Brazer OP

Created Aug ’21

Replies 1

Boosts 0

Views 3.1k

Participants 3

Follow up from the answer provided in https://developer.apple.com/forums/thread/653414?login=true

The Apple engineer provided the below:

When running on iOS 11 or above, your app don't need to ask for Photos Library permission before presenting UIImagePickerController (and assuming the app doesn't use PhotoKit/doesn't access UIImagePickerControllerPHAsset from the result).

I have a question here about user privacy. Let's take a look at the customer perspective and their privacy with regards to photo sharing with an app using UIImagePickerController.

If an app uses UIImagePickerController, then my understanding is the app will no longer show up in the Settings --> Privacy --> Photos menu (with options of [None] / [Selected Photos] / [All Photos]) as you don't need to ask for Photo Library permissions. Is that correct?

Now, if that user goes to this app and chooses to select a photo, then their whole library will show. Is the takeaway that the app has access to all of the photos in the library? Or is the takeaway that this is only just a view of the images only and only the photo selected from the menu will be accessible to the app?

Boost

Answer 1

Engineer OP

Apple

Aug ’21

As detailed at the start of the following talk this year: Improving access to Photos in your app, there is now a section at the bottom of Settings → Privacy → Photos that details apps that used UIImagePickerController or PHPicker without explicit Photos access. There is text there explaining to users why they may have seen photos within the context of an app without any permission prompts. Currently that text looks like:

APPS WITH ONE-TIME PHOTO SELECTION:

List of apps that recently used PHPicker or UIImagePickerController to select assets

Even if your photos were recently shown to you to select from, the app did not have access to your photo library.

The takeaway here is that these out-of-process pickers allow the user to see and pick assets from within the context of an app but the app only gets access to assets that were selected. Additionally they did not have access to other things that PhotoKit provides such as information about the user's albums.

Just to be clear, an app that presents UIImagePickerController or PHPicker truly does not have access to the content that is shown inside the view. These views are hosted outside of the App's process.

2