GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → PrivacyNoName → iSpyML

PrivacyNoName / iSpyML

Licence: other
Just another app that looks for NSFW😱 photos into your 'hidden' folder. 🍎 Posts to Facebook timeline is v 2.0 feature.

Programming Languages

swift
15916 projects

Labels

machine-learningprivacydeep-learningcoreml

Projects that are alternatives of or similar to iSpyML

DeTeXt
iOS app that detects LaTeX symbols from drawings. Built using PencilKit, SwiftUI, Combine and CoreML for iOS 14(or greater) and macOS 11(or greater).
Stars: ✭ 73 (+284.21%)
Mutual labels:  coreml
sense-iOS
Enhance your iOS app with the ability to see and interact with humans using the RGB camera.
Stars: ✭ 19 (+0%)
Mutual labels:  coreml
CoreML-and-Vision-with-a-pre-trained-deep-learning-SSD-model
This project shows how to use CoreML and Vision with a pre-trained deep learning SSD (Single Shot MultiBox Detector) model. There are many variations of SSD. The one we’re going to use is MobileNetV2 as the backbone this model also has separable convolutions for the SSD layers, also known as SSDLite. This app can find the locations of several di…
Stars: ✭ 16 (-15.79%)
Mutual labels:  coreml
SentimentVisionDemo
🌅 iOS11 demo application for visual sentiment prediction.
Stars: ✭ 34 (+78.95%)
Mutual labels:  coreml
ios-visionkit-webview
Element detection with Vision Framework and CoreML
Stars: ✭ 26 (+36.84%)
Mutual labels:  coreml
iOS11-Demos
Collection of samples and demos of features introduced in iOS 11
Stars: ✭ 16 (-15.79%)
Mutual labels:  coreml
CustomVisionMicrosoftToCoreMLDemoApp
This app recognises 3 hand signs - fist, high five and victory hand [ rock, paper, scissors basically :) ] with live feed camera. It uses a HandSigns.mlmodel which has been trained using Custom Vision from Microsoft.
Stars: ✭ 25 (+31.58%)
Mutual labels:  coreml
CoreMLDemo
CoreML.framework Demo App
Stars: ✭ 42 (+121.05%)
Mutual labels:  coreml
iOS-CoreML-Inceptionv3
Real-time Object Recognition using Apple's CoreML 2.0 and Vision API -
Stars: ✭ 46 (+142.11%)
Mutual labels:  coreml
AIBud
An experimental CreateML project for predicting playing musical key and scale in realtime
Stars: ✭ 18 (-5.26%)
Mutual labels:  coreml
YOLOv3-CoreML
YOLOv3 for iOS implemented using CoreML.
Stars: ✭ 166 (+773.68%)
Mutual labels:  coreml
BootFinder
Boot Finder demonstrates the power of using on-device machine learning models to delight users in new and innovative ways. It's private too! Because this model runs on-device, customer photos never leave the phone!
Stars: ✭ 34 (+78.95%)
Mutual labels:  coreml
ESC10-CoreML
An open-source CoreML model trained on the ESC10 dataset
Stars: ✭ 17 (-10.53%)
Mutual labels:  coreml
CarLens-iOS
CarLens - Recognize and Collect Cars
Stars: ✭ 124 (+552.63%)
Mutual labels:  coreml
WhoAreYou
Face detection and recognition with CoreML and ARKit
Stars: ✭ 91 (+378.95%)
Mutual labels:  coreml
deepvac
PyTorch Project Specification.
Stars: ✭ 507 (+2568.42%)
Mutual labels:  coreml
visual-recognition-with-coreml
🕶 Classify images offline using Watson Visual Recognition and Core ML.
Stars: ✭ 40 (+110.53%)
Mutual labels:  coreml
loki
Proof-of-concept of emotion-targeted content delivery using machine learning and ARKit.
Stars: ✭ 76 (+300%)
Mutual labels:  coreml
Vision CoreML-App
This app predicts the age of a person from the picture input using camera or photos gallery. The app uses Core ML framework of iOS for the predictions. The Vision library of CoreML is used here. The trained model fed to the system is AgeNet.
Stars: ✭ 15 (-21.05%)
Mutual labels:  coreml
digitrecognition ios
Deep Learning with Tensorflow/Keras: Digit recognition based on mnist-dataset and convolutional neural-network on iOS with CoreML
Stars: ✭ 23 (+21.05%)
Mutual labels:  coreml
View All Similar Projects ➔

Apple CoreML: Steal User Data 6x Faster

TL;DR: The problem that exists starting at least from iOS 8: any app, that you gave access to your photos and videos, can see ALL of them, including those in your "Hidden" album and iCloud. With the new iOS 11 machine learning features, it became super-easy for any application to steal sensitive information from the photos and videos.

I've written a proff-of-concept iOS app that finds all your 'hidden' NSFW pictures. No private APIs were used, so the app will likely pass Apple review and will be released on the AppStore. Here is the code on the Github. I'm thinking about adding a Facebook integration now.

I did this, because I wanted to demonstrate, how easy it is to abuse user's security and privacy under current iOS permission management system.

How Photo Permissions Work

No doubts you all have seen this type of messages:

Most of the users just always press "OK" without ever reading it. Some of you even know that you can reclaim those permissions back in iPhone settings:

By the way, this is a screenshot from iOS 11 beta, where they have added a new option: "Add photos only". By some reason, it is available only for some apps, and they just stop working if you opt it.

Now, what exactly can an app do with your photos? Anything: analyze in a background, compress, send to their servers and so on. You will never know because by pressing "OK" button you have agreed on all of those.

"Hidden" Album

In iOS 8 Apple introduced a new awesome security and privacy feature: "Hidden album." So now you can safely store your photos in that album, right?

No, you can’t. Any application that has access to your photo library also has access to the content of this folder. Even worse, by putting your sensitive photos into that album you are effectively marking them as interesting, so the malicious apps can say to the system: “Hey, give me the whole folder of those interesting photos.” And user will never know, that the app has just uploaded all his “hidden” photos to its servers. If you’re an iOS developer, you can check it yourself. That’s how what official documentation says about this feature:

What's New in iOS 11

Ok, there was a major privacy and security hole for several years, but now in iOS 11, they have fixed this, right? Let's see, how that had changed in the iOS 11 beta.

First of all, now I can't reclaim permission I gave to Skype to see my photos because it's just is not on the list of the apps, which have those privileges. I checked in Skype itself, and it was able to see all my photos. Maybe it's just a bug in a beta version, but the alarming one: it signals that permission management system is poorly designed and is a full of bugs. Hidden album content is still visible in iOS 11 beta via Photos framework.

In iOS 11 Apple introduced a simple way to deploy neural networks and other machine learning models to your applications - CoreML framework. So now you don't need to upload user's photo to the cloud to do analysis there, you can do all analysis on device and users are paying electricity bills.

So, I put together a simple app that analyses the content of you 'hidden' album and rates all photos according to their 'NSFW'-ness. The porn detection is done using a deep neural network. The whole app development took like an hour or two. I used a Yahoo NSFW neural network, converted it to CoreML and drag-and-dropped to the iOS project. A few lines of code and that's it. Read the Yahoo blog post if you're interested in how it works.

More to this, Apple provides separate APIs to get all your screenshots (what for I wonder?), all your selfies (including hidden NSFW selfies), APIs to analyze if the photo contains barcodes, QR codes, texts, faces and so on. Not speaking about GPS location which is saved in each photo's EXIF metadata if you haven't disabled it manually. It also provides an API to download photos from the iCloud if they are not on the device currently.

I'm not against machine learning (ML). It is great, and I used it in my apps even before the CoreML. But one should understand that it adds a lot of room for the privacy and security breaches. In fact, if you check the databases of scientific papers, you would see, there are a plenty of them about stealing some data from user's smartphone using ML:

  • Stealing the PIN code
  • Keylogging
  • Voice recognition via the motion sensors
  • Tricking the voice assistant with human-unintelligible commands
  • Face and emotions recognition
  • and so on and so forth

Any application that has permission to your photo library (namely: Skype, Twitter, Facebook, Snapchat, Prisma, etc.) can extract info not only about you but also about anyone, who had a mischance to be in your photos.

It's not about Porn

Researchers from Max Planck Institute for Informatics successfully used a neural network to extract the following personal information from the smartphone photo libraries:

Personal Description

  • Gender
  • Eye Color
  • Hair Color
  • Fingerprint
  • Signature
  • Face
  • Tattoo
  • Nudity
  • Race
  • (Skin) Color
  • Traditional Clothing
  • Full Name
  • First Name
  • Last Name
  • Place of Birth
  • Date of Birth
  • Nationality
  • Handwriting
  • Marital status
  • Religion
  • Sexual Orientation
  • Culture
  • Hobbies
  • Sports
  • Personal Occasion
  • General Opinion
  • Political Opinion
  • Personal Relationships
  • Social Circle
  • Professional Circle
  • Competitors
  • Spectators
  • Similar view
  • Education history
  • Visited Landmark
  • Visited Location
  • Home address
  • Date/Time of Activity
  • Phone no.
  • Username
  • Email address
  • Email content
  • Online conversations
  • Legal involvement
  • Vehicle Ownership
  • License Plate
  • Employment
  • Occupation
  • Work Occasion

Health

  • Physical disability
  • Medical Treatment
  • Medical History

Documents

  • National Identification
  • Credit Card
  • Passport
  • Drivers License
  • Student ID
  • Mail
  • Receipts
  • Tickets

Check this paper for more details:

Orekondy, T., Schiele, B., Fritz, M. (2017). Towards a Visual Privacy Advisor: Understanding and Predicting Privacy Risks in Images. arXiv

Now, next time you are giving a viral selfie-editing app access to your photos, be aware, that you just had given access to all this plenty of private information.

With all these great features in iOS 11, I don't recommend anyone to install it until Apple introduces a way to control access to your data. Unfortunately, at the moment things look like Apple sees privacy as "just another feature," and that's why it always lags behind the stickers and emojis.

One More Thing...

Finally, I want to cite several people at Apple:

"Core ML provides high performance implementations of deep neural networks [...] and they allow you to take models [...], execute them with tremendous performance on device. It gives you all the data privacy benefits and all of the carefully tuned compatibility with all of our platforms, and the performance really is incredible. [...] iPhone is six times faster than Google Pixel and the Samsung S8 using Core ML".

- Craig Federighi – SVP, Software Engineering, Apple Inc., WWDC 2017.

"Our team cares deeply about your privacy".

- Phil Schiller – SVP, Worldwide Marketing at Apple, WWDC 2017

"We believe you should have great features and great privacy. You demand it and we are dedicated to providing it".

- Craig Federighi – SVP, Software Engineering, Apple Inc., WWDC 2016.

"We’ve got PhotoKit, gives you access to your complete iCloud Photo Library, all the videos, all the photos".

- Eddy Cue – SVP, Internet Software and Services, WWDC 2016.

"But you know, all of this great work in iOS 10 would be meaningless to us if it came at the expense of your privacy. And so in every feature that we do, we carefully consider how to protect your privacy".

- Craig Federighi – SVP, Software Engineering, Apple Inc., WWDC 2016.

"But there was more we wanted to do. Adding intelligence throughout the user experience in a way that enhances how you use your device but without compromising your privacy".

- Craig Federighi – SVP, Software Engineering, Apple Inc., WWDC 2015.

Questions and answers

Q: But still iOS has better security, than Android does!

A: The difference is like shooting a gun at your head (Android) vs. putting on a condom and then shooting a gun at your head (iOS).

Q: Have you filed a radar?

A: It's not a bug, it's a feature.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].