A few weeks ago, I discussed how I wanted to see Apple build-out options to secure specific iCloud Drive folders with Face ID/PIN code unlocks for additional security. One of the folks who read the article had an excellent idea about iCloud Photos security that I wanted to expand on further.
In his comment, Eli Matar had this idea:
Good idea. I think they should also add a social media Album in Photos, where apps can only access that specific album when asking for permission, instead of accessing your entire photo library. Maybe a Social Media option in camera like Square, SLO-MO, and Portrait, where when you take a photo, it’s automatically saved on your social media album. And the ability to control all of this in Camera Setting.
Eli makes an excellent point. Right now, Apple’s iCloud Photo security permissions are all or nothing. Why do I need to give Twitter access to my entire photo library in iCloud Photos to post a screenshot? Why can’t there be an in-between security model?
Eli has a great idea where you could give apps access to a specific album or photos taken in an individual setting in the Camera app? What other ideas would we implement to be able to post pictures to apps, but also maintain our privacy?
Access to a single album
As Eli hinted at, it shouldn’t be an all or nothing model. A simple fix here is to give apps access to only a single album. The benefit here is you can control what data is shared. The downside is that it’ll be slightly tedious to have to move a photo or video into a specific album before an app like Instagram or Twitter has access to see it.
Access to all photos going forward
I don’t love this option, but another idea to increase iCloud Photo security would be for a user to be able to protect all images taken/added before the day where an app is asking for access. The downside is that you’d need to be concerned with everything in the future. A possible workaround would be if you gave access for only a short window that would auto-expire after some time.
Limit location access and cloud scanning
You can learn a lot about someone by having access to their photo library. One of the big things is you can learn exactly where they’ve been and likely live using the GPS data embedded in the photos. What if you could limit apps reading the EXIF data unless they authorized that explicitly?
Another option would be for Apple to disallow transferring any data learned about your photos to a web service unless you specifically allowed the data to be uploaded. To sum it up, an app can learn a lot about you from just the data iCloud Photos provides before it even scans a photo. Letting users control how apps can access all of the photo data would be a great security addition to iCloud Photos.
Wrap-up on iCloud Photos security
I’d love to see Apple work to allow users to continue using their iCloud Photos inside of apps like Twitter, Facebook, and Instagram, but I’d also love to see Apple work out solutions that can find the right privacy balance. Just because someone wants to post a photo on Instagram doesn’t mean they want Instagram to have access to decades worth of pictures and the corresponding information. I think giving users even more control on not only which apps can access iCloud Photos, but also what sort of access they have would be a valuable change.
FTC: We use income earning auto affiliate links. More.