Most active commenters
  • Zanfa(4)
  • jamwil(3)
  • hombre_fatal(3)

←back to thread

Some users have noticed settings that let Meta analyze and retain phone photos

(www.zdnet.com)
530 points mdhb | 29 comments | 29 Aug 25 12:01 UTC | HN request time: 0.448s | source | bottom
Show context
nomilk ◴[29 Aug 25 12:37 UTC] No.45063289[source]
IMO Apple should provide the user with audit logs of which photos/videos were accessed by each app. It might be a long list but it alleviates doubt and would put huge pressure on reputable developers to ensure they don’t get caught doing things the user wouldn’t have expected (even if the user technically allowed it).
replies(15): >>45063561 #>>45063763 #>>45064188 #>>45064202 #>>45064506 #>>45064799 #>>45065030 #>>45065872 #>>45066358 #>>45067299 #>>45067883 #>>45067957 #>>45068243 #>>45070026 #>>45075377 #
AndroTux ◴[29 Aug 25 13:55 UTC] No.45064188[source]
I don’t understand why apps need access to my photos at all. (with some very specific exceptions,) apps should only access a photo, which I first select using the system photo picker. There’s no need for apps to access the entire camera roll just so I can select one photo to use with that app.

I know that that’s partially implemented with the limited photo access now, but it’s confusing from a UI perspective and I don’t understand why this isn’t the default.

The only apps that need full access to my camera roll, are apps like Google Photos, Nextcloud or Immich. Everyone else can suck a lemon.

replies(10): >>45064324 #>>45064353 #>>45064568 #>>45064697 #>>45064981 #>>45065923 #>>45067186 #>>45067737 #>>45070608 #>>45071378 #
1. jamwil ◴[29 Aug 25 14:08 UTC] No.45064353[source]
iOS already has exactly the experience you describe and it clearly urges you toward sharing only specific photos.

The only feature request I have is to be able to scope app permissions to an album, since the current flow of selecting individual photos adds a lot of friction.

replies(5): >>45064391 #>>45064466 #>>45064470 #>>45064725 #>>45065986 #
2. privatelypublic ◴[29 Aug 25 14:11 UTC] No.45064391[source]
Unfortunately, no. It allows you to select which photos an app has access to, and I doubt anybody uses it more than once because of how many taps it takes to include a new photo. Unless I'm missing something.
replies(8): >>45064419 #>>45064424 #>>45064443 #>>45064469 #>>45065355 #>>45067368 #>>45067973 #>>45069164 #
3. jamwil ◴[29 Aug 25 14:16 UTC] No.45064443[source]
That’s exactly what OP asked for. To select which photos an app has access to using the system picker so they can’t see the whole camera roll.
replies(1): >>45064578 #
4. moi2388 ◴[29 Aug 25 14:18 UTC] No.45064466[source]
Well, no. It keeps giving permission to the app, and it’s a lot of clicks to manage.

It shouldn’t give access at all, but use a secure clipboard implementation so that only that app can read it out exactly once.

replies(1): >>45064537 #
5. davzie ◴[29 Aug 25 14:18 UTC] No.45064469[source]
You're right, I think a better UX would have been to let me select which photos I want to use like a normal camera roll picker and to just automatically make that photo available to the app requesting it rather than me having to first go and approve which photos to make selectable and then going to select it after.
6. dd_xplore ◴[29 Aug 25 14:18 UTC] No.45064470[source]
Even android has it!
7. jamwil ◴[29 Aug 25 14:23 UTC] No.45064537[source]
Whether you share it once or in perpetuity is of no practical consequence. They already have the photo at that point.

I agree about the clicks—the UX should be one-shot select and share with the permissions handled implicitly.

replies(1): >>45065383 #
8. AndroTux ◴[29 Aug 25 14:26 UTC] No.45064578{3}[source]
No. I want to select photos the app has access to now. I don’t want to readjust my selection every time I want to upload a new photo. What I want is an upload button like in the browser.

I click “add photo”, the system dialog opens, I select a photo, and then that gets sent to the app. Somehow, Apple managed to screw that up.

replies(4): >>45064879 #>>45064896 #>>45067952 #>>45069518 #
9. hombre_fatal ◴[29 Aug 25 14:37 UTC] No.45064725[source]
No, they (and I) want it to work like the web browser file upload component where you don't need to grant permission ahead of time because it's nonsensical.

Imagine if every time you wanted to upload a file online, you first had to allow the one website to access that image first in one menu before you could select the image in the normal file upload menu. That's the UX they're complaining about.

replies(1): >>45064970 #
10. nar001 ◴[29 Aug 25 14:49 UTC] No.45064879{4}[source]
Could what you're saying also be basically, you see your whole photos, your whole gallery but the app itself only has access to the one picture you tap on? That way for the user it looks the same as if the app had access to your whole photos, but the app actually only sees the one you select?
11. Zanfa ◴[29 Aug 25 14:50 UTC] No.45064896{4}[source]
> I click “add photo”, the system dialog opens, I select a photo, and then that gets sent to the app. Somehow, Apple managed to screw that up.

That’s exactly how it works for me in iOS at the moment.

In addition, I can see the list of photos each app has been granted access to in Settings > Privacy & Security > Photos.

12. Zanfa ◴[29 Aug 25 14:56 UTC] No.45064970[source]
But you don’t have to do it ahead of time. When you click add photo, you get the system picker to choose the photo and once you’ve selected what you wanna grant access to, that’s it. Literally not a single menu needs to be opened, nothing needs to be configured.

Any UX other than this is something the app developer has implemented on top. iOS works exactly like you described.

replies(1): >>45067529 #
13. zimpenfish ◴[29 Aug 25 15:25 UTC] No.45065355[source]
> It allows you to select which photos an app has access to

Yeah, that's the "limited access" mode but if the app uses the system photo picker[0], the app doesn't need any photos permission to pick a photo. Blame the app developers for not updating their apps (and this has been available since 2021 - they have no excuse.)

> Apps don’t need to request photo library permission when using either class, so the sample app avoids requesting permission until it’s necessary. A camera app, photo editing app, or library browsing app needs to use much more of PhotoKit‘s functionality, but [[an app that’s only setting a basic profile photo doesn’t need photo library permission]].

[0] https://developer.apple.com/documentation/photokit/selecting...

replies(2): >>45066288 #>>45067860 #
14. moi2388 ◴[29 Aug 25 15:27 UTC] No.45065383{3}[source]
It’s about permissions to read out the photo album to begin with, as well as due to it being a pain to change often leading to whole selections of photos being shared
15. ChrisLTD ◴[29 Aug 25 16:14 UTC] No.45065986[source]
Something like "allow app access to last photo" would be ideal for me
replies(1): >>45066664 #
16. dfxm12 ◴[29 Aug 25 16:37 UTC] No.45066288{3}[source]
The argument for the walled garden is that Apple should be taking these options away from the developer in favor of user security. Yes, blame the developer, but also blame Apple.
replies(1): >>45067757 #
17. Nevermark ◴[29 Aug 25 17:05 UTC] No.45066664[source]
Why?

If they have access to the last photo ... every photo you ever took was the last photo. Why mess around giving app's permission to surveil/siphon off your photos at all?

Any carte blanche for apps, and apps will go to great lengths to take advantage of that in unexpected ways, and obscure the fact they are doing so.

And privacy losses can never be verifiably reversed.

All most apps need is for you to select photos to upload/import using an Apple supplied photo selector. So they only see and get exactly what you want them to have.

18. bee_rider ◴[29 Aug 25 17:59 UTC] No.45067368[source]
I use it every time. The alternative is to give Meta access to your whole photo roll, which… they will obviously abuse, whatever toggles you set, right?

It isn’t so bad, but I don’t upload much.

19. hombre_fatal ◴[29 Aug 25 18:12 UTC] No.45067529{3}[source]
You're not understanding the complaint or you have Full Access turned on without realizing it.

Set an app like WhatsApp to No Access or Limited Access.

Now try to upload a photo into chat.

Instead of just presenting you with all of your photos so that you can upload one, you first have to click "Manage" -> "Select more photos" -> "Add the photo".

Now you can select that one photo for upload.

That could obviously be trimmed up into Grant + Upload in a single operation, but instead it's so clunky that people grant Full Access just to avoid it.

It doesn't make much UX sense since I want to push one image into the app one time, while priv granting is for future pull operations that don't make sense 99% of the time.

replies(1): >>45067866 #
20. privatelypublic ◴[29 Aug 25 18:32 UTC] No.45067757{4}[source]
Looks like zpempenfish is right- most apps are inappropriately asking for the wrong permissions.

I feel the issue here is apple not enforcing developer guidelines(unless I'm misremembering here too). However, that frequently requires people making a stink. I suspect Apple's legal team has decided not to make an issue off it because of the Epic lawsuit- where public opinion is largely against Apple... even though Apple told Epic to pound sand over issues Epic has paid the FTC _HALF A BILLION DOLLARS_ and counting... to settle. See: https://www.ftc.gov/news-events/news/press-releases/2022/12/...

And to forestall "but apple's cut." Reality check: google's policy is substantially identical, and amazon appstore's was "we'll take 30%, but give 20% back in expiring AWS credit." I'm sure ya'll will let me know of other app stores' policies.

21. nielsbot ◴[29 Aug 25 18:42 UTC] No.45067860{3}[source]
Meta: You know, the user might accidentally pick "all photos" and then we get to hoover their photo roll up.
22. Zanfa ◴[29 Aug 25 18:43 UTC] No.45067866{4}[source]
> Instead of just presenting you with all of your photos so that you can upload one, you first have to click "Manage" -> "Select more photos" -> "Add the photo".

That's not a OS limitation, this is a UX dark pattern from WhatsApp that they've purposefully added to make the UX terrible to push people into granting "Full Access".

I just tested it with both "Add Photos Only" and "Limited Access" modes with Signal and iOS does exactly what you described as the perfect UX. It's literally the following:

1) Tap Add Photo in a chat

2) System photo picker appears

3) Select which photo you want in your entire gallery (not limited to photos previously granted to Signal)

4) Photo is sent to chat

Again, this is with both non-Full Access modes. I think your beef is with Meta, not Apple.

replies(1): >>45068804 #
23. ks2048 ◴[29 Aug 25 18:51 UTC] No.45067952{4}[source]
Exactly this exists. (It’s called PHPickerViewController). It does not require permissions because the image upload process is explicitly choosing an asset.

Photo centric apps may choose more extensive APIs, but those require OS-level permissions (the user explicitly giving access)

24. billti ◴[29 Aug 25 18:53 UTC] No.45067973[source]
That's what I do. Works great. Yes a couple of extra clicks is annoying, and apps are often "Hey how about you go into settings and let me access all your photos for a better experience!", but I'm happy with 2 or 3 extra clicks the few times a month I share a photo in order to limit access.
25. hombre_fatal ◴[29 Aug 25 20:07 UTC] No.45068804{5}[source]
Hmm, I can confirm that Signal does work the way you describe.

It looks like there is a separate API for "Private Access to Photos" that is less common than the UX I describe (WhatsApp, Reddit, Twitter, Discord).

Maybe one thing we can agree on is that if apps have to opt-in to the API that's better for users, then we can also blame Apple.

replies(1): >>45072060 #
26. BillSaysThis ◴[29 Aug 25 20:42 UTC] No.45069164[source]
I use it explicitly for Facebook
27. mechanicalpulse ◴[29 Aug 25 21:19 UTC] No.45069518{4}[source]
Others have already mentioned that this is possible with iOS. iOS 14 introduced a bunch of privacy improvements including the PHPickerViewController, but some apps may not yet be using it. [0]

I will say that in the event that an app is not using PHPickerViewController, sometimes it's still possible to emulate it by exiting the app, going into the photos app, selecting the photo, selecting the little "send" arrow in the bottom left, and then picking the app to send it to. I do this all the time with the Slack app. Copy-and-paste may be another route. Sure, it's a silly workaround for a feature that should have been there from day one, but c'est la vie.

[0] https://developer.apple.com/documentation/photokit/deliverin...

28. d1sxeyes ◴[30 Aug 25 05:12 UTC] No.45072060{6}[source]
Seems you can just `get` the result?

Not sure what I’m missing that means so many apps don’t do this, vastly better UX.

https://github.com/signalapp/Signal-iOS/blob/0151cfdee27cb03...

replies(1): >>45072741 #
29. Zanfa ◴[30 Aug 25 07:49 UTC] No.45072741{7}[source]
You’re right! They’re all using the same API, there’s no other better “opt-in” API. Some developers just want to make the UX worse for their own nefarious purposes. Nothing to do with Apple.