iOS11 photo library access is possible even if settings are set to "never"
if UIImagePickerController.isSourceTypeAvailable(.photoLibrary) {
let imagePicker = UIImagePickerController()
imagePicker.sourceType = .photoLibrary
imagePicker.allowsEditing = true
self.present(imagePicker, animated: true, completion: { })
}
Even if I set access to Photos in Settings to "Never" with above code I can still present image picker and show photos. I'll check for PHPhotoLibrary.authorizationStatus()
before showing it, but I would like to know is this expected behaviour?
Okay, you can sort of piece this together from answers and comments already, but to try to tell a more complete story...
In iOS 11, UIImagePickerController
runs as a separate process from your app. That means:
- Your app can't see the user's whole Photos library — it gets read-only access just for whichever asset(s) the user chooses in the image picker.
- Because of (1), your app doesn't need the standard privacy authorization for Photos library access. The user explicitly chooses a specific asset (or multiple) for use in your app, which means the user is granting your app permission to read the asset(s) in question.
You can see more about this in the WWDC17 talk on PhotoKit.
(By the way, this model matches what you've seen in the Contacts framework since iOS 9; if you show contact picker, your app only gets a one-time drop of contact information for the contact(s) the user picked, not ongoing read/write access to the Contacts database, so the contact picker doesn't require special privacy permission.)
PHPhotoLibrary
and its authorization status reflect the global read/write permission for Photos access that users can control from Settings > Privacy. (That's the one where your Info.plist needs NSPhotoLibraryUsageDescription
.) Any use of the PHPhotoLibrary
API requires this permission, regardless of whether your app's use of that API is only for writing or only for reading. This has been true since PhotoKit was introduced in iOS 8.
If you're not using PHPhotoLibrary
, PHAsset
, etc, there are narrower permission options that are new in iOS 11 (and not part of the Photos.framework API):
- As noted above,
UIImagePickerController
doesn't need blanket Privacy Settings permission because each use grants one-time read access for the specific assets chosen. -
If you need only to add new assets to the Photos library, use
UIImageWriteToSavedPhotosAlbum
orUISaveVideoAtPathToSavedPhotosAlbum
. With those you can putNSPhotoLibraryAddUsageDescription
in your Info.plist — then the system's Privacy Settings will make clear to the user that they're not giving your permission to see or modify existing assets, only to add new ones.If the user grants add-only permission, it applies only to those UIKit functions — attempting to use
PHPhotoLibrary
will still prompt for (and require the Info.plist key for) read/write access.See this part of the WWDC17 talk for more on the add-only privacy setting.
Is this expected behaviour? - YES.
From the docs - https://developer.apple.com/documentation/uikit/uiimagepickercontroller/1619144-issourcetypeavailable
true if the device supports the specified source type; false if the specified source type is not available.
It tells you if the device supports the source type and not if the app has the permission to access it.
As you already mentioned in the question, PHPhotoLibrary.authorizationStatus()
would be correct way to check this.
This (new) behaviour does sound logical to me, here's why. When using UIImagePickerController
your app doesn't actually get access to any photos. It only sees the one your user has picked, when that happens; and if the user taps Cancel in the picker none of those become available to the app.
PHPhotoLibrary
is part of a separate framework, Photos, where you can do a lot of stuff with the user's photo library, and therefore need permission.
So if you are only using UIImagePickerController
I'd suggest not mixing Photos stuff in.
Disclaimer: haven't heard of any official statement from Apple folks. This forum thread looks relevant, maybe we get a reply there. UPD: there it is, same idea.
Also, if you're evil enough you can theoretically fiddle with UIImagePickerController
view hierarchy at runtime and examine whatever the user sees there. But that's again for Apple to deal with, we should just be nice :-)