The app also knows that you have given the Camera app location data, and then explicitly given Path access to your photos which were taken with the Camera app. Removing Location Services permission from Path simply means that the Path app cannot directly access your phone's location sensors—nothing more, nothing less. It doesn't mean that Path has to go to every imaginable length to ensure that you don't manage to share your location through other means, like photos or status updates.
>It doesn't mean that Path has to go to every imaginable length to ensure that you don't manage to share your location through other means, like photos or status updates.
Not sure what you mean here. If my app loaded a user's picture, and they said they don't want location data to be used in my app, a simple if check will decide whether or not EXIF data should be read. This is hardly "every imaginable length".
Of course, this may just be a bug, so I don't think we can jump to any conclusions about Path's intentions.
What if someone posts a status update saying "I'm in San Francisco."? What if they post a picture of themselves with the Golden Gate Bridge in the background? Is it reasonable for them to assume that Path will filter these things out, simply because they turned off Location Services?
I think it's ludicrous. iOS is quite clear in its explanation of Location Services, and their explanation is not at all "technical" or intimidating to non-technical users. Also, the permission to access your photos is completely separate from the Location Services permission. Maybe you the author would have a point if iOS automatically gave apps access to your camera roll, but that's not the case.
I don't doubt that some users will be surprised by the photo's geotag, but I suspect it would be an extremely low number of users (the fact that this if just now being blogged about seems to corroborate this, unless Path have just recently added this behavior).
I think you're conflating two very different scenarios. Someone saying "I'm in San Francisco" or posting a picture of them at the Golden Gate Bridge is clearly aware that their location can be determined. EXIF data hidden within a JPEG file is not so clear cut and most users are unlikely to be aware of it.
As you said, Location Services and Photo access are different permissions. Users are therefore likely to assume that location data is not being retrieved if they deny permission to it. If I deny location data to an app, it's because I don't want that app to have my location data. It seems somewhat underhanded, to me at least, to assume that the user wouldn't mind me accessing location data from their photos, knowing full well that the majority of users will not know what EXIF data is. I'd go so far as to say that I would explicitly ask the user if EXIF data should be read alongside the standard location services.
But really, you're the one speculating that a user's intent is different than what their explicit actions on the phone indicate. You're guessing that a user is not aware that photos are geotagged, despite that fact that the Location Services permission is optional on the Camera app as well.
Judging by the post we're commenting on, it's not exactly a shot in the dark guess. Technically, Path has done nothing wrong. They've been given permission to the photos and that's what they're accessing with all the information it brings.
But, to me, if I was told that my app can't access location information, I would assume that it's because the user doesn't want my app to access location information and have my app run with that mindset.
You want your iPhone's camera to access location for one app, but not for another. What would you do? What you're saying is that the user has no choice and it's all or nothing. Give location data to all apps requiring photos or disable it completely.
I think the point is, if you pick "don't read my location data" and then every day post a message "Today I'm at the SF Library", "Today I'm at the NYC Stock Exchange". "Today I'm at DC checking out the White House"
Is Path supposed to censor those image?
You choose to tag your photo. You chose to share the photo. How is that different than posting a text that says where you location is?
>I think the point is, if you pick "don't read my location data" and then every day post a message "Today I'm at the SF Library", "Today I'm at the NYC Stock Exchange". "Today I'm at DC checking out the White House"
That's not the point at all. Your example is of someone explicitly announcing their location. The issue at hand, which may or may not be a bug, is that the metadata is being used to publish the user's location even after they've said that they don't want the app accessing the Location Services.
Technically, there's nothing wrong in that because the app isn't accessing the Location Services. However, I'm pretty sure most users would assume the app won't use any location data by turning that setting off. If you denied an app location data, would you be happy that they still managed to get location data via a means that's not necessarily obvious?
