Mojave Photos Permissions Privacy Issue

[dialogos]

Under the security & Privacy I noticed that Skype has access to my photos and I don't recall ever granting such access! Few days later I installed Firefox which also has access to my photos without granting access.

For everything else, location, contacts, calendar, camera, microphone ,macOS will always ask me if I grant access to the app. It seems there is a small exception for photos. Could you please help me here?

Thanks a lot

 

[casperes1996]

Now I'm not entirely certain about what I'm about to say; It's more spitballing ideas as to why than anything conclusive, but!

I would imagine the reason is the API used to access the photos. I would assume it doesn't actually give the app "access" to the photos per se, but rather just allows the app to present a picker view so that you as a user can select your photos from within the app. - It's how the old iLife suite used to do it to make the apps work together.

Thus, since the app doesn't get any of the specific photos before it's selected from the picker view, it's not really a privacy concern, and Apple defaults to allowing it, unless a more permissive API is used.

It's a guess

 

[dialogos]

Now I'm not entirely certain about what I'm about to say; It's more spitballing ideas as to why than anything conclusive, but!

I would imagine the reason is the API used to access the photos. I would assume it doesn't actually give the app "access" to the photos per se, but rather just allows the app to present a picker view so that you as a user can select your photos from within the app. - It's how the old iLife suite used to do it to make the apps work together.

Thus, since the app doesn't get any of the specific photos before it's selected from the picker view, it's not really a privacy concern, and Apple defaults to allowing it, unless a more permissive API is used.

It's a guess

first of all thank you very much for your reply. Does your system have the same behaviour too?

 

[casperes1996]

first of all thank you very much for your reply. Does your system have the same behaviour too?

Well, I can't remember if I've granted access to the apps on my list, so it's kinda hard to say.
Comparing to your case though, neither Skype n'or Firefox are on the list, and I do have them installed. But I may very well just not have clicked on the portions of the apps that activate the API and asks macOS for access.

 

[dialogos]

Well, I can't remember if I've granted access to the apps on my list, so it's kinda hard to say.
Comparing to your case though, neither Skype n'or Firefox are on the list, and I do have them installed. But I may very well just not have clicked on the portions of the apps that activate the API and asks macOS for access.

I just want to make something clear here because I'm not very technical oriented The only thing I did with Skype was to upload my personal profile photo on the app , but I didn't upload it through the photos app. I just selected a file from my computer desktop. Is this what could activate the API?

I'm always curious if by giving such permissions to apps someone could actually "steal" personal photos.

Thanks a lot

 

[casperes1996]

I just want to make something clear here because I'm not very technical oriented The only thing I did with Skype was to upload my personal profile photo on the app , but I didn't upload it through the photos app. I just selected a file from my computer desktop. Is this what could activate the API?

Right. I don't think I've done that with Skype on my Mac. – Picking it from a view within the app, or perhaps even dragging it from the Photos app could definitely activate the system call. Dragging it from the desktop or any other location through Finder shouldn't, seeing it's not interacting with the system's photo library, just a regular file handler.

I'm always curious if by giving such permissions to apps someone could actually "steal" personal photos.

Makes good sense. I wouldn't worry about Firefox, as it's open source and people check and audit the code to make sure nothing fishy is happening there.
I also would think Skype to be safe in that aspect, since Microsoft probably wouldn't take the risk considering they see Skype as a business platform; Then again they could consider Skype and Skype for Business different enough products to incorporate data-mining in the regular Skype to sell to advertisers. But EU GDPR regulations mean that they'd have to make it obvious to the user that they were doing it, and require explicit consent, not just something burried in a 200 page EULA. That is, they could theoretically make such consent actions only be present in the EU version of Skype, but most companies don't want the hassle of differentiating their products too much between markets if it can be avoided, so they don't have to maintain separate codebases.

If you don't use Photos access in the app, I'd encourage disallowing it again from System preferences to be entirely on the safe side, but I think you're alright regardless.

 

[dialogos]

Right. I don't think I've done that with Skype on my Mac. – Picking it from a view within the app, or perhaps even dragging it from the Photos app could definitely activate the system call. Dragging it from the desktop or any other location through Finder shouldn't, seeing it's not interacting with the system's photo library, just a regular file handler.



Makes good sense. I wouldn't worry about Firefox, as it's open source and people check and audit the code to make sure nothing fishy is happening there.
I also would think Skype to be safe in that aspect, since Microsoft probably wouldn't take the risk considering they see Skype as a business platform; Then again they could consider Skype and Skype for Business different enough products to incorporate data-mining in the regular Skype to sell to advertisers. But EU GDPR regulations mean that they'd have to make it obvious to the user that they were doing it, and require explicit consent, not just something burried in a 200 page EULA. That is, they could theoretically make such consent actions only be present in the EU version of Skype, but most companies don't want the hassle of differentiating their products too much between markets if it can be avoided, so they don't have to maintain separate codebases.

If you don't use Photos access in the app, I'd encourage disallowing it again from System preferences to be entirely on the safe side, but I think you're alright regardless.

Thank you very much for your time!!

I found online this terminal command which resets all app permissions. I will play with it a bit: tccutil reset All .

 

[casperes1996]

I found online this terminal command which resets all app permissions. I will play with it a bit: tccutil reset All .

Sure; Feel free to update the thread with any interesting finds - Could be fascinating to see what you discover about this behaviour.