iOS11 photo library access is possible even if settings are set to "never"

Question

if UIImagePickerController.isSourceTypeAvailable(.photoLibrary) {     let imagePicker = UIImagePickerController()     imagePicker.sourceType = .photoLibrary     imagePicker.allowsEditing = true     self.present(imagePicker, animated: true, completion: { }) } 

Even if I set access to Photos in Settings to "Never" with above code I can still present image picker and show photos. I'll check for PHPhotoLibrary.authorizationStatus() before showing it, but I would like to know is this expected behaviour?

Answer 1

Okay, you can sort of piece this together from answers and comments already, but to try to tell a more complete story...

---

In iOS 11, UIImagePickerController runs as a separate process from your app. That means:

1. Your app can't see the user's whole Photos library — it gets read-only access just for whichever asset(s) the user chooses in the image picker.
2. Because of (1), your app doesn't need the standard privacy authorization for Photos library access. The user explicitly chooses a specific asset (or multiple) for use in your app, which means the user is granting your app permission to read the asset(s) in question.

You can see more about this in the WWDC17 talk on PhotoKit.

(By the way, this model matches what you've seen in the Contacts framework since iOS 9; if you show contact picker, your app only gets a one-time drop of contact information for the contact(s) the user picked, not ongoing read/write access to the Contacts database, so the contact picker doesn't require special privacy permission.)

---

PHPhotoLibrary and its authorization status reflect the global read/write permission for Photos access that users can control from Settings > Privacy. (That's the one where your Info.plist needs NSPhotoLibraryUsageDescription.) Any use of the PHPhotoLibrary API requires this permission, regardless of whether your app's use of that API is only for writing or only for reading. This has been true since PhotoKit was introduced in iOS 8.

If you're not using PHPhotoLibrary, PHAsset, etc, there are narrower permission options that are new in iOS 11 (and not part of the Photos.framework API):

• As noted above, UIImagePickerController doesn't need blanket Privacy Settings permission because each use grants one-time read access for the specific assets chosen.

• If you need only to add new assets to the Photos library, use UIImageWriteToSavedPhotosAlbum or UISaveVideoAtPathToSavedPhotosAlbum. With those you can put NSPhotoLibraryAddUsageDescription in your Info.plist — then the system's Privacy Settings will make clear to the user that they're not giving your permission to see or modify existing assets, only to add new ones.

  If the user grants add-only permission, it applies only to those UIKit functions — attempting to use PHPhotoLibrary will still prompt for (and require the Info.plist key for) read/write access.

  See this part of the WWDC17 talk for more on the add-only privacy setting.

Answer 2

Is this expected behaviour? - YES.

From the docs - https://developer.apple.com/documentation/uikit/uiimagepickercontroller/1619144-issourcetypeavailable

true if the device supports the specified source type; false if the specified source type is not available.

It tells you if the device supports the source type and not if the app has the permission to access it.

As you already mentioned in the question, PHPhotoLibrary.authorizationStatus() would be correct way to check this.