Some users have noticed settings that let Meta analyze and retain phone photos

IMO Apple should provide the user with audit logs of which photos/videos were accessed by each app. It might be a long list but it alleviates doubt and would put huge pressure on reputable developers to ensure they don’t get caught doing things the user wouldn’t have expected (even if the user technically allowed it).

I don’t understand why apps need access to my photos at all. (with some very specific exceptions,) apps should only access a photo, which I first select using the system photo picker. There’s no need for apps to access the entire camera roll just so I can select one photo to use with that app.

I know that that’s partially implemented with the limited photo access now, but it’s confusing from a UI perspective and I don’t understand why this isn’t the default.

The only apps that need full access to my camera roll, are apps like Google Photos, Nextcloud or Immich. Everyone else can suck a lemon.

iOS already has exactly the experience you describe and it clearly urges you toward sharing only specific photos.

The only feature request I have is to be able to scope app permissions to an album, since the current flow of selecting individual photos adds a lot of friction.

No, they (and I) want it to work like the web browser file upload component where you don't need to grant permission ahead of time because it's nonsensical.

Imagine if every time you wanted to upload a file online, you first had to allow the one website to access that image first in one menu before you could select the image in the normal file upload menu. That's the UX they're complaining about.

But you don’t have to do it ahead of time. When you click add photo, you get the system picker to choose the photo and once you’ve selected what you wanna grant access to, that’s it. Literally not a single menu needs to be opened, nothing needs to be configured.

Any UX other than this is something the app developer has implemented on top. iOS works exactly like you described.

You're not understanding the complaint or you have Full Access turned on without realizing it.

Set an app like WhatsApp to No Access or Limited Access.

Now try to upload a photo into chat.

Instead of just presenting you with all of your photos so that you can upload one, you first have to click "Manage" -> "Select more photos" -> "Add the photo".

Now you can select that one photo for upload.

That could obviously be trimmed up into Grant + Upload in a single operation, but instead it's so clunky that people grant Full Access just to avoid it.

It doesn't make much UX sense since I want to push one image into the app one time, while priv granting is for future pull operations that don't make sense 99% of the time.

> Instead of just presenting you with all of your photos so that you can upload one, you first have to click "Manage" -> "Select more photos" -> "Add the photo".

That's not a OS limitation, this is a UX dark pattern from WhatsApp that they've purposefully added to make the UX terrible to push people into granting "Full Access".

I just tested it with both "Add Photos Only" and "Limited Access" modes with Signal and iOS does exactly what you described as the perfect UX. It's literally the following:

1) Tap Add Photo in a chat

2) System photo picker appears

3) Select which photo you want in your entire gallery (not limited to photos previously granted to Signal)

4) Photo is sent to chat

Again, this is with both non-Full Access modes. I think your beef is with Meta, not Apple.