IMO Apple should provide the user with audit logs of which photos/videos were accessed by each app. It might be a long list but it alleviates doubt and would put huge pressure on reputable developers to ensure they don’t get caught doing things the user wouldn’t have expected (even if the user technically allowed it).
AndroTux · 29m ago
I don’t understand why apps need access to my photos at all. (with some very specific exceptions,) apps should only access a photo, which I first select using the system photo picker. There’s no need for apps to access the entire camera roll just so I can select one photo to use with that app.
I know that that’s partially implemented with the limited photo access now, but it’s confusing from a UI perspective and I don’t understand why this isn’t the default.
The only apps that need full access to my camera roll, are apps like Google Photos, Nextcloud or Immich. Everyone else can suck a lemon.
jamwil · 15m ago
iOS already has exactly the experience you describe and it clearly urges you toward sharing only specific photos.
The only feature request I have is to be able to scope app permissions to an album, since the current flow of selecting individual photos adds a lot of friction.
privatelypublic · 12m ago
Unfortunately, no. It allows you to select which photos an app has access to, and I doubt anybody uses it more than once because of how many taps it takes to include a new photo. Unless I'm missing something.
davzie · 6m ago
You're right, I think a better UX would have been to let me select which photos I want to use like a normal camera roll picker and to just automatically make that photo available to the app requesting it rather than me having to first go and approve which photos to make selectable and then going to select it after.
jamwil · 8m ago
That’s exactly what OP asked for. To select which photos an app has access to using the system picker so they can’t see the whole camera roll.
moi2388 · 6m ago
Well, no. It keeps giving permission to the app, and it’s a lot of clicks to manage.
It shouldn’t give access at all, but use a secure clipboard implementation so that only that app can read it out exactly once.
jamwil · 1m ago
Whether you share it once or in perpetuity is of no practical consequence. They already have the photo at that point.
I agree about the clicks—the UX should be one-shot select and share with the permissions handled implicitly.
dd_xplore · 6m ago
Even android has it!
diggan · 17m ago
> I don’t understand why apps need access to my photos at all. [...] There’s no need for apps to access the entire camera roll
So apps like Google Photos or other alternatives to the Apple made Photos app just shouldn't exist at all, if I understand you correctly?
bbarnett · 14m ago
Did the parent edit their comment? Because your response seems to directly ignore multiple things they said.
diggan · 9m ago
Right now the comment says the same as when I wrote my comment:
> I don’t understand why apps need access to my photos at all [...] There’s no need for apps to access the entire camera roll [...] The only apps that need full access to my camera roll, are apps like Google Photos, Nextcloud or Immich
Which still make me ask the question: They think no apps should access all photos, there is never any need for that, and these app currently do that and they need that, so are they saying those apps shouldn't exist at all?
hdgvhicv · 2m ago
They literally say
“The only apps that need full access to my camera roll, are apps like Google Photos”
Obviously they don’t think the apps shouldn’t exist.
Jyaif · 3m ago
> would put huge pressure on reputable developers
It wouldn't put any pressure on Meta
h1fra · 1h ago
yeah they do that for location*, they should warn if an app is constantly accessing the camera roll
merelysounds · 59m ago
For what it’s worth, iOS does warn when an app has full access to the photo library for a while. E.g.:
> "WhatsApp" has been able to access your entire photo library for 6 months. Do you want to continue to allow full
access?
Yes, but it's not clear to a regular user that an app can access this camera roll without a user's input.
pimlottc · 42m ago
Do you mean prompting for permission to scan local networks? “Localization” normally refers to translating an app into another language.
h1fra · 9m ago
Sorry I meant "location", when an app is accessing gps too often, they send a notification (e.g: I get a weekly notif for foursquare)
king_geedorah · 23m ago
I believe they are referring to the icon that appears in the status bar when an application is using location services (including in the background).
wslh · 1h ago
In the iPhone you can select which photos are accessible by apps.
noname120 · 39m ago
It’s a big pain because then you have a double-picker: first pick the pictures in the native dialog asking you to decide which pictures the app should have access to, and then select again the pictures you want but this time in the WhatsApp picker. It’s very awkward.
trinix912 · 33m ago
A solution would be that Apple builds a privacy preserving picker in the OS, then mandates apps use it instead of giving them access to the camera roll and letting them roll their own pickers in the first place.
SSLy · 30m ago
> A solution would be that Apple builds a privacy preserving picker in the OS
there is already one, the enforcement point is what's missing
enigmo · 24m ago
this already exists, many apps use it. I do wish it was mandatory for _all_ apps to use it instead of being optional.
Ntrails · 1h ago
I locked whatsapp out of my photos and contacts years ago. If I need a pic I copy paste it in.
Yes it is friction but I simply do not trust the Zuck
znpy · 40m ago
I get your point, but there are so many more evil actors in Meta beyond “Zuck”. Reducing a company to a single person silently excuses all other awful people actively working there
merelysounds · 1h ago
Even better, the app can use the OS image picker and don’t have any other access to photos.
It won’t work for all use cases, but when it works it’s very practical. I’d love to see apps use that as the default - and request additional access only when the user’s current action actually requires it.
Years ago, I installed the Facebook app on my phone. I immediately uninstalled it when I saw, horrified, that it had hoovered up all my photos and uploaded them to Facebook (there was no fine-grained storage permission at the time) "for my convenience". I never ran their app on my phone, again.
polytely · 3m ago
Facebook seems like an exceptionally morally rotten company, which I guess just stems from Zuck being in control.
brk · 1h ago
I've removed all Meta apps other than Whatsapp (and I don't love that).
I haven't had the Facebook app on my phone in well over a decade. Had Instagram for a while, I was casually active on it, but Meta just keeps convincing me not to be trusted.
Facebook mobile is a suboptimal experience, which is fine, it just reminds me to use it less.
skylurk · 1h ago
On iOS, whatsapp is weirdly pushy about getting unlimited access to your photo album.
They also go out of their way to make it hard to save a photo without granting full access. Creepy.
orthogonal-wren · 5m ago
What I do is open the photos app and then either copy & paste into the whatsapp message field or use the sharing dialog to share a photo / video on whatsapp. I guess that would also work for the files app.
It’s extra steps but it’s worth it for me.
ozgrakkurt · 9m ago
My solution to this is to go
Photos -> share photo -> whatsapp
Instead of starting from whatsapp
vladvasiliu · 1h ago
IME giving it "limited access" works well; you can save anything without issue.
What pisses me off, though, is that I didn't find a way to give a contact a name without allowing it access to the phone's contacts.
skylurk · 1h ago
Tested it, and yes, when I increase the access from "Add Photos Only" to "Limited Access" I can add photos again.
But now Whatsapp retains access to all the photos I added unless I go into settings and revoke access to those photos. Creepy.
And yeah the contacts thing also pisses me off. They know what they are doing.
gruez · 55m ago
>But now Whatsapp retains access to all the photos I added unless I go into settings and revoke access to those photos. Creepy.
Not really, given whatsapp could be theoretically keeping a local copy and the operating system can't really do anything about it. It would also be a pretty weird case to code. Imagine writing an app where if you tried to save a file, you couldn't immediately access it afterwards.
skylurk · 29m ago
> Imagine writing an app where if you tried to save a file, you couldn't immediately access it afterwards.
It works fine in other apps such as Signal and even Teams.
I don't really want Moxie or MSFT to have persistent access to any part of my personal photo album either, no matter how good they say they'll be.
biinjo · 1h ago
I was going to proudly boast that I don’t have any Meta apps on my phone. Got rid of FB a long time ago, never jumped on the Instagram train.
Then I your post and now I realize I’m still in the Meta world. Forgot about whatsapp for a second.
lazide · 1h ago
There is a reason they paid so much for it. In a lot of the world, they’re essentially required.
Contortion · 1h ago
And next to impossible to get rid of. I would much rather use Signal but convincing even privacy-conscious people to switch is an uphill battle.
mrbombastic · 1h ago
Signal is quite good these days for what it is worth. My whole family switched and hasn’t missed whatsapp. That said I am still stuck on whatsapp, it is basically the only messaging app people use in a lot of the world and used by a ton of businesses.
ratg13 · 1h ago
I gave up Samsung Galaxy entirely over this .. even ended up switching to iPhone because I couldn't find another Android I liked as much.
Every Galaxy I ever owned came with uninstallable facebook apps, despite paying over 1k for the phone.
On the last one I had, I went in and did the ritual deleting facebook, and going in the settings to disable their other background apps.
I checked the phone 8 months later, and found that they had installed even more facebook apps that were now running without my consent.
That was the end of those phones for me, and I'm amazed that I put up with it for so long.
bonoboTP · 17m ago
> came with uninstallable facebook apps
You mean ununinstallable.
daedric7 · 1h ago
While I still have WA installed for unrelated reasons, I'm so happy for Matrix Bridges...
Workaccount2 · 9m ago
Meta is by far the most shamelessly insensitive tech giant. They must actively seek out the most morally depraved devs, I can only imagine the people in those meetings when discussing some of these implementations must have been laughing at how devious it is.
jkubicek · 8m ago
Facebook has been doing this for well over a decade. I once got a notification from the Facebook app, "Do you want to share this photo with Kim?" because Kim was just randomly in the distant background of a photo I had taken of my daughter at kindergarten drop-off. I deleted the Facebook app that day and I make a point to never give any social media app access to my photo library.
cj · 2h ago
This should be a non-issue if you use Apple’s privacy settings to limit Facebook to only have access to the photos you want to use.
I’d highly recommend never granting any app full access to your photos.
gessha · 1h ago
Apple should improve the UI of this photo selection because it’s very cumbersome to scroll and select the same photos twice.
Clent · 1h ago
Agreed. The feature set is in desperate need of the search option both on approved photos and when attempting to approve additional photos. Very often I have to go into the photos app, find the photo, make a mental record of approximately where it is in history and scroll scroll scroll. Obnoxious and cumbersome.
jkubicek · 5m ago
What I really want is to create a special photo album for (Facebook/Instagram/Slack/etc.) and have it automatically gain access to whatever photos I put in there.
loumf · 1h ago
You should do this for apps even if you trust them.
One issue with permissions is that they apply to the entire app, including any third-party dependencies. Lots of apps use libraries given to them by advertising services -- they notoriously exploit permissions given to the app.
lloydatkinson · 1h ago
WhatsApp used to (still might) default to saving all photos from any chat to your phone. This led to some very surprising and unwanted photos being saved to my iPhone gallery. What a stupid idea.
kergonath · 12m ago
I think it’s off by default and you can activate it separately for each discussion.
afarah1 · 58m ago
Android also has limited photos access nowadays.
abcd_f · 1h ago
That's on newer iOS versions and, by extension, on newer Apple devices only though.
rimunroe · 1h ago
Photo library permissions have been around since iOS 14. As long as you have an iPhone made in the last ten years you should be able to use it.
bigDinosaur · 1h ago
Apparently this functionality was released in iOS 14, which was supported by the iPhone 6S, released in 2015, so any phone in the past 10 years should have support for it. That seems reasonable enough.
markus_zhang · 18m ago
One way to deal with the current mess is to use a dumb enough phone only for banking/insurance/chat, a dumb phone for calling and texting, and a camera for photos. It’s less convenient but it’s better for privacy.
petralithic · 45m ago
Some of these comments are interesting to read. Haven't we learned from Cambridge Analytica in 2018? Or the various other scandals over the past 20 years? I can understand normal people not caring but how people on HN still use Meta apps is beyond me.
awesan · 36m ago
By definition they are social apps, so it's not usually up to just individuals whether to use them. For example if I stopped using what's app I'd cut myself off from the majority of my friends and family.
frasermarlow · 24m ago
If you're not paying for it, you are the product.
shortrounddev2 · 4m ago
There are hundreds of ways to secure a laptop and ensure your privacy. Why are there almost no good ways to use a smartphone in a secure and private way?
everdrive · 1h ago
I finally got around to rebuilding my pihole. My wife's phone as absolutely rife with requests for various Real-Time Bidding (RTB) domains. It was a flood of them like I really haven't seen before. I didn't do much troubleshoot, but when we looked at her phone, the Facebook app seemed like the likeliest culprit. (Facebook, after all would be the best-placed to have the user data required to actually participate in RTB.)
Once we deleted the app, the RTB requests went away for good. I've had pihole previously, and she's had the Facebook app previously, and we never seemed to have this issue. Perhaps Facebook is drudging up whatever profits it can since it's mostly cornered the population, and is potentially in decline.
No comments yet
jpl56 · 4m ago
1 : open the Facebook app.
Nope... I'm using a link to my Facebook homepage saved on the home screen.
arnejenssen · 1h ago
Some years ago I stopped used Snapchat, because Snapchat would occasional notify me a "highlight" with a picture from my camera roll. To do that it meant that Snapchat need to have all my pictures on their server, I figured. Not what I signed up for.
Havoc · 1h ago
Better yet - use the phones built in app restrictions to block or selectively allow photo access.
When a corporate does shady shit the last thing you'd do is trust the tools they provide to limit that. That's just insane.
>"People just submitted it. I don't know why. They 'trust me'. Dumb fucks." -Mark Zuckerberg
terminalshort · 48m ago
You trust the tools because one of the few things the company can actually get in trouble for is outright lying.
kjok · 1h ago
The kind of shady practices we have seen from this company, any self-respecting individual will be ashamed except Zuck. He has done more to rot the collective brain of a generation than any single figure in tech history.
The truth is, Meta isn’t building community, it’s building a surveillance hellscape where every click, glance, and pause is commodified. If you work there and still believe you're doing something good for the world, you're either delusional or willfully blind.
klabb3 · 48m ago
Why do apps request persistent access to camera roll at all? I don't want to manage a custom set of pictures. I want to send a picture now by selecting it.
Apps like Messenger, Telegram and WhatsApp refuse to show me the regular old photo picker. I have to enable "limited access" and select the same photos twice (first add to the set, then select for sharing). It's infuriating.
PS: The exception is media management apps, but those are extremely rare and irrelevant in the context of social media and communications apps.
matt_s · 1h ago
Meta can't scan my phone if I don't install Meta's apps on my phone.
A web browser on the phone removes the need for a lot of "apps".
randycupertino · 26m ago
I need whatsapp to communicate with global KOLs for work.
whalesalad · 12m ago
Is it 2012? We've known this forever.
A4ET8a8uTh0_v2 · 1h ago
Well, the good news is: I think this finally gave me a good reason ( one she would accept that is ) to convince wife to drop FB from phone.. yay...
user94wjwuid · 57m ago
this benefits few and violates the privacy of millions… can we get a some fckin privacy laws yet
gmd63 · 15m ago
Zuckerberg: Yeah so if you ever need info about anyone at Harvard
Zuckerberg: Just ask
Zuckerberg: I have over 4,000 emails, pictures, addresses, SNS
[Redacted Friend's Name]: What? How'd you manage that one?
Zuckerberg: People just submitted it.
Zuckerberg: I don't know why.
Zuckerberg: They "trust me"
Zuckerberg: Dumb fucks
Instant messages sent by Zuckerberg during Facebook's early days, reported by Business Insider (May 13, 2010)
SirMaster · 40m ago
How is the app accessing my photos on iOS when I have not given the app permission to access photos? Did they really find some exploit around this? Or is this photos permission really not the only way?
flanbiscuit · 37m ago
Same question for Android.
My guess is that this only affects people who have granted FB the permission already.
I know that that’s partially implemented with the limited photo access now, but it’s confusing from a UI perspective and I don’t understand why this isn’t the default.
The only apps that need full access to my camera roll, are apps like Google Photos, Nextcloud or Immich. Everyone else can suck a lemon.
The only feature request I have is to be able to scope app permissions to an album, since the current flow of selecting individual photos adds a lot of friction.
It shouldn’t give access at all, but use a secure clipboard implementation so that only that app can read it out exactly once.
I agree about the clicks—the UX should be one-shot select and share with the permissions handled implicitly.
So apps like Google Photos or other alternatives to the Apple made Photos app just shouldn't exist at all, if I understand you correctly?
> I don’t understand why apps need access to my photos at all [...] There’s no need for apps to access the entire camera roll [...] The only apps that need full access to my camera roll, are apps like Google Photos, Nextcloud or Immich
Which still make me ask the question: They think no apps should access all photos, there is never any need for that, and these app currently do that and they need that, so are they saying those apps shouldn't exist at all?
“The only apps that need full access to my camera roll, are apps like Google Photos”
Obviously they don’t think the apps shouldn’t exist.
It wouldn't put any pressure on Meta
> "WhatsApp" has been able to access your entire photo library for 6 months. Do you want to continue to allow full access?
Screenshots: https://macreports.com/app-has-been-able-to-access-your-enti...
there is already one, the enforcement point is what's missing
Yes it is friction but I simply do not trust the Zuck
It won’t work for all use cases, but when it works it’s very practical. I’d love to see apps use that as the default - and request additional access only when the user’s current action actually requires it.
"Facebook patent uses image recognition to scan your personal photos for brands" https://www.fastcompany.com/90333067/creepy-facebook-patent-...
"faulty pixels, lens scratches, other ‘camera artifacts’ and metadata within the image would be used to associate Facebook users with particular images. " https://www.imaging-resource.com/news/2015/09/18/facebook-wa...
Facebook mobile is a suboptimal experience, which is fine, it just reminds me to use it less.
They also go out of their way to make it hard to save a photo without granting full access. Creepy.
Photos -> share photo -> whatsapp
Instead of starting from whatsapp
What pisses me off, though, is that I didn't find a way to give a contact a name without allowing it access to the phone's contacts.
But now Whatsapp retains access to all the photos I added unless I go into settings and revoke access to those photos. Creepy.
And yeah the contacts thing also pisses me off. They know what they are doing.
Not really, given whatsapp could be theoretically keeping a local copy and the operating system can't really do anything about it. It would also be a pretty weird case to code. Imagine writing an app where if you tried to save a file, you couldn't immediately access it afterwards.
It works fine in other apps such as Signal and even Teams.
I don't really want Moxie or MSFT to have persistent access to any part of my personal photo album either, no matter how good they say they'll be.
Then I your post and now I realize I’m still in the Meta world. Forgot about whatsapp for a second.
Every Galaxy I ever owned came with uninstallable facebook apps, despite paying over 1k for the phone.
On the last one I had, I went in and did the ritual deleting facebook, and going in the settings to disable their other background apps.
I checked the phone 8 months later, and found that they had installed even more facebook apps that were now running without my consent.
That was the end of those phones for me, and I'm amazed that I put up with it for so long.
You mean ununinstallable.
I’d highly recommend never granting any app full access to your photos.
One issue with permissions is that they apply to the entire app, including any third-party dependencies. Lots of apps use libraries given to them by advertising services -- they notoriously exploit permissions given to the app.
Once we deleted the app, the RTB requests went away for good. I've had pihole previously, and she's had the Facebook app previously, and we never seemed to have this issue. Perhaps Facebook is drudging up whatever profits it can since it's mostly cornered the population, and is potentially in decline.
No comments yet
Nope... I'm using a link to my Facebook homepage saved on the home screen.
When a corporate does shady shit the last thing you'd do is trust the tools they provide to limit that. That's just insane.
>"People just submitted it. I don't know why. They 'trust me'. Dumb fucks." -Mark Zuckerberg
The truth is, Meta isn’t building community, it’s building a surveillance hellscape where every click, glance, and pause is commodified. If you work there and still believe you're doing something good for the world, you're either delusional or willfully blind.
Apps like Messenger, Telegram and WhatsApp refuse to show me the regular old photo picker. I have to enable "limited access" and select the same photos twice (first add to the set, then select for sharing). It's infuriating.
PS: The exception is media management apps, but those are extremely rare and irrelevant in the context of social media and communications apps.
A web browser on the phone removes the need for a lot of "apps".
Zuckerberg: Just ask
Zuckerberg: I have over 4,000 emails, pictures, addresses, SNS
[Redacted Friend's Name]: What? How'd you manage that one?
Zuckerberg: People just submitted it.
Zuckerberg: I don't know why.
Zuckerberg: They "trust me"
Zuckerberg: Dumb fucks
Instant messages sent by Zuckerberg during Facebook's early days, reported by Business Insider (May 13, 2010)
My guess is that this only affects people who have granted FB the permission already.