Re: Accessing as files
That assumes that iOS apps are accessing files directly when given access to photos, as opposed to get a handle to some sort of object or stream.
All (modern) operating systems work that way. Accessing files "directly" doesn't even make sense since a file is an operating system construct representing a number of (likely non contiguous) disk blocks. To open and copy a JPG in iOS you do something like this:
if let image = UIImage(named: "photo.jpg") {
if let jpg = UIImageJPEGRepresentation(image, 1.0) {
try? jpg.write(to: "photo_backup.jpg")
}
}
"image" is a byte stream with the abstract image file contents and "jpg" is the same byte stream wrapped in a JPEG compander. As you can see, it takes one parameter specifying compression level. What you're suggesting is making UIImageJPEGRepresentation suppress the EXIF component based on some global setting, but that's not going to stop a nefarious app parsing "image" directly so you're going to have to shift the code down to UIImage and start parsing content inside APIs that were intended only to marshal byte buffers. But it's worse. They could still do this:
let folder = try? FileManager.default.url(for: .documentDirectory,in: .userDomainMask, appropriateFor: nil, create: true)
if let rawJPGData = folder?.appendingPathComponent("photo").appendingPathExtension("jpg") {
// Decode and snaffle the EXIF
}
That bypasses the image subsystem entirely and treats the file as an undifferentiated byte sequence. Suddenly we need to move speculative JPG/EXIF sniffing and suppression to every I/O operation.
There are various steps Cupertino could take with equally varied backward compatibility and performance side effects. A simple example of the former is that a hash of the file as written to disk won't match the verification check once it is read into memory (because the OS altered it) so a robust application (read back after write) will flag all JPG I/O as corrupt, and the performance implications of checking every file read for a potential JPG header are obvious.