Developers who create content for Apple’s App Store have revealed that they can create apps that can access users address book and photos without the user knowing.

The New York Times reports: “The New York Times asked a developer, who asked not to be named because he worked for a popular app maker and did not want to involve his employer, to create a test application that collected photos and location information from an iPhone. When the test app, PhotoSpy, was opened, it asked for access to location data. Once this was granted, it began siphoning photos and their location data to a remote server. (The app was not submitted to the App Store.).”

Last year, Apple faced similar controversy around “location gate” in which iPhones started tracking a user’s location without the permission of the user. Apple responded by  releasing an update that allows users to have more privacy and requires opt-in. But with the current loophole, which is seemingly more of an intrusion, will users continue to put up with the risks?