Which Apps Access Your iPhone Photo Library?
What Full Access, Limited Access, and Add Photos Only really mean on iOS — and which apps ask for more than they need.
When an app requests "Full Access" to your photo library, it can read every photo, video, screenshot, and all associated metadata — GPS coordinates, timestamps, facial recognition data. Most apps that ask for Full Access could work perfectly fine with Limited Access or the system photo picker. The permission prompt doesn't explain what you're actually giving away.
The moment you tap "Allow Full Access," you hand over your entire photo library to that app. Every vacation photo. Every screenshot of a private conversation. Every selfie you took and never posted. Along with the GPS coordinates of where each one was taken, the exact time, and which faces appear in them.
iOS offers granular photo permissions since iOS 14, refined further in iOS 17. But most users never see the options because the permission dialogs are designed around a quick tap, and most apps push for the broadest access level.
The four permission levels
Apple's PHPhotoLibrary framework defines four levels of photo access. Each one grants a fundamentally different amount of data:
1. No Access
The app cannot see any photos. It can still use the system photo picker (PHPicker) — a system-controlled UI that lets users select specific photos without granting the app any library access at all. The app receives only the selected images. No browsing, no metadata, no background access.
This is the gold standard for privacy. The photo picker requires zero permissions and gives the app exactly what the user selects — nothing more.
2. Add Photos Only
The app can save new images to the photo library but cannot read any existing photos. Useful for camera apps, screenshot tools, or image editors that only need to save output.
3. Limited Access
Introduced in iOS 14 and detailed at WWDC 2020, Limited Access lets users select specific photos an app can see. The app receives a filtered view of the library — it cannot detect that it's in limited mode or see anything beyond the selected photos.
In iOS 17, the system re-prompts periodically if an app has Limited Access, reminding users to review which photos are shared.
4. Full Access
The app can read and write every photo and video in the library, including all metadata: EXIF data, GPS coordinates, creation date, modification date, album membership, facial recognition groups, and more. The app can also observe changes to the library in real time.
Full Access means the app can read your location history (via photo GPS data), your social graph (via facial recognition groups), your daily habits (via timestamps), and your screenshot history. All without requesting Location Services or Contacts permissions.
What Full Access actually exposes
Photo metadata is a richer data source than most people realize. A photo library with a few thousand images contains:
- Location history: GPS coordinates embedded in every outdoor photo, accurate to a few meters. Where you live, where you work, where you travel.
- Timestamps: When you wake up (first photo of the day), when you go out, your routines.
- Social connections: iOS automatically groups photos by recognized faces. An app with Full Access can read these groupings.
- Device information: Camera model, lens data, software version embedded in EXIF metadata.
- Screenshots: Every private conversation, banking screen, medical result, or password you've screenshotted.
A discussion on Apple's community forums highlights this concern: when the iPhone grants Full Access, the system explicitly warns that "Photos may contain data associated with location, depth information, captions and audio."
Which apps ask for Full Access (and which shouldn't)
Some apps genuinely need Full Access — a photo management app, a backup tool, or a dedicated photo editor that needs to browse the library. But many popular apps request Full Access when a lesser permission would work:
Social media apps: Instagram, TikTok, Snapchat, and Facebook all request Full Access. They need it for their in-app gallery picker (they built their own instead of using Apple's system picker). Using the system photo picker would give users the same experience with zero permissions. The choice to build a custom picker is a design decision — one that happens to require Full Access.
Messaging apps: WhatsApp, Telegram, and Signal request photo access for sharing images in conversations. Signal uses the system picker by default. WhatsApp and Telegram request broader access for their custom media browsers.
Apps that only need to save: Some camera and editing apps request Full Access when they only need Add Photos Only — the permission to save images without reading existing ones.
How to check your current permissions
Go to Settings → Privacy & Security → Photos. Every app with photo access is listed along with its current permission level. You can downgrade any app from Full Access to Limited Access or None.
On iOS 17+, the permission options per app are:
- Full Access: Reads everything
- Limited Access: Only selected photos
- Add Photos Only: Can save, cannot read
- None: No access at all
Review this list now. Any app you don't actively use for photo browsing should be set to "Limited Access" or "None." Most apps will continue to work — they'll just use the system photo picker instead.
Tracker SDKs inside photo apps
Photo access is one dimension. The other is what the app does with the data once it has it. Many free apps bundle analytics and advertising SDKs that collect behavioral data — which screens you visit, how long you spend, what you tap.
Exodus Privacy is a non-profit that analyzes Android apps for embedded trackers. While iOS apps aren't directly analyzed, the same SDKs appear on both platforms. Common trackers found in photo-related apps include:
- Facebook SDK: Sends usage data to Meta for ad targeting
- Google Firebase Analytics: Tracks screen views, events, and user properties
- Amplitude: Behavioral analytics (famously used by Keepsafe, as documented in their public case study)
- Adjust / AppsFlyer: Attribution SDKs that track how users found the app
These SDKs operate independently of photo access. But combined with Full Access — where the app can read your location history, social graph, and habits from photo metadata — the data picture becomes remarkably complete.
For a deeper analysis of tracking inside vault apps specifically, see Are Photo Vault Apps Actually Safe?.
The system photo picker: the permission that doesn't exist
The most privacy-friendly approach is also the simplest: use Apple's system photo picker. It requires zero permissions. The user sees a familiar photo grid, selects what they want to share, and the app receives only those images. No metadata browsing, no background access, no library observation.
Any app that shows photos from your library — for sharing, posting, or editing — could use this picker instead of requesting Full Access. The apps that don't are making a deliberate choice.
What to do about it
- Audit your permissions now: Settings → Privacy & Security → Photos. Revoke Full Access from any app that doesn't need it.
- Choose "Limited Access" when prompted: iOS lets you select specific photos instead of granting the full library. Most apps work fine in this mode.
- Watch for re-prompts: iOS 17+ periodically reminds you about apps with Limited Access. Use these reminders to review and adjust.
- For truly private photos, use a separate vault: Photos in your library are accessible to any app with Full Access. An encrypted vault like Inner Gallery stores photos outside the system library, encrypted with a separate key, invisible to other apps.
For a complete list of iPhone photo privacy settings, see The iPhone Photo Privacy Checklist.
Inner Gallery stores photos outside the iOS photo library, encrypted individually with ChaCha20-Poly1305. No app can access them — not even with Full Access to your photo library. Coming soon at innergallery.app.