Data Sharing Permission is requested *After* the app is given access

There is a serious flaw in the data sharing permissions flow that gives apps access to personal data before the user has granted permission. This is because the data-sharing permission request has been moved from the presentation of the media picker to the delegate method called after the items have been picked. This gives apps access to personal media metadata even if permission is denied by the user.


It's also very obvious to the user that something is wrong because they tap "add music" or "add photos" on an app they just installed and instead of seeing the data-sharing permission request that they're used to seeing they now go straight to the media picker and can select items.


In iOS <=12 if your app wanted to access the user's personal media the user was asked to grant Data Sharing Permissions when the MPMediaPickerController was presented:


Use taps a button to "Add Music" from their iTunes library to a playlist in the app, this triggers the creation and presentation of a media picker controller. But before it displays their media library it shows the Data Sharing Request dialog where the user can tap "Don't Allow" or "OK"


MPMediaPickerController *picker = [[MPMediaPickerController alloc] initWithMediaTypes:MPMediaTypeMusic];

picker.delegate = self;

picker.allowsPickingMultipleItems = YES;

[[mainViewController] presentViewController: picker animated: YES completion:nil];


>>> Here is where the user would see the data sharing permission request in iOS 12--before they or the app actually see the media selection.


* In iOS 13, however, the data-sharing permission request does not appear until the app's didPickMediaItems delegate method is called (it's a delegate used by MPMediaPickerController). So the app is able to browse the user's data before permission has been granted.


- (void)mediaPicker: (MPMediaPickerController *)mediaPicker didPickMediaItems:(MPMediaItemCollection *)mediaItemCollection {

>>> Here is where the user is asked to grant data sharing permission in iOS 13



But the users' privacy has already been violated at that point. And because the items have already been selected, the app is able to access the media metadata even if the user Denies the data sharing request.

Up vote post of bbrockit Down vote post of bbrockit
1.2k views
Posted by
bbrockit
Reply
Add a Comment

Replies

Hopefully, this gets fixed quickly because it's a privacy flaw that violates Apple's own data-sharing and privacy rules. We're too close to the GA release for bugs that violate user privacy to still be in the betas.


In the meantime though, if you have an app that selects media you may be used to that media collection not being populated if the user denies access. In iOS 13 it will be populated, but you need to check if they've actually granted access because when you try to use the media you won't be able to, but you'll have all its metadata.

Posted by
bbrockit
Up vote reply of bbrockit Down vote reply of bbrockit
Add a Comment

To make this behave as it did prior to iOS 13, you can move the request for authorization further up in the flow by having your "add media" button call the following requestAuthorization method, and then if the user grants the permission present the media picker:


[MPMediaLibrary requestAuthorization:^(MPMediaLibraryAuthorizationStatus status)


You would only need to do this for iOS 13.


While it's possible for app developers to move this request further up in the workflow the default should not be *after* the user's media has been selected. It gives apps access to metadata even if the user denies the request and it looks insecure from a user-experience perspective.

Posted by
bbrockit
Up vote reply of bbrockit Down vote reply of bbrockit
Add a Comment

I have same issue For the Media & Apple music privacy request authrozation is called only once in IOS version 13.0 . iOS have changed this privacy setting asking permision to user only once in IOS 13.0 & they have reverted them in IOS 13.2. The revert back to prior to iOS 13.0 is this a permanent change. Does apple have any documentation regarding this change. If not what is the workaround to all these changes?

Posted by
patil_sudhir2001
Up vote reply of patil_sudhir2001 Down vote reply of patil_sudhir2001
Add a Comment