A rogue iOS app can gain access to limited geo-location information by obtaining image permissions and extracting GPS coordinates from locally-stored photos. Fastlane Tools founder Felix Krause spotted this loophole in the iOS permissions model last week. The problem is that iOS does not differentiate between apps that need permission to select a photo and apps that manage or edit images. Krause contacted Apple and warned the company about the issue. He even admitted the app on the App Store, most likely not realizing it’s a proof-of-concept.
Source: https://www.bleepingcomputer.com/news/apple/permissions-loophole-lets-ios-apps-extract-location-details-from-image-metadata/