Apps may be grabbing even more data than you realized, even if you are among the few people who read all the terms and conditions.

According to a report from the New York Times, app developers told the newspaper’s Nick Bilton that granting an app access to location services can, in some cases, give developers the right to copy a user’s entire photo library.

Just because the functionality exists, Bilton noted, it doesn’t mean that developers are using it. But he also pointed out that Apple doesn’t expressly forbid copying photos, meaning that a dishonest developer could take advantage of the loophole.

Apple screens all the apps that flow into its store, which has given it a better reputation for safety than the Android app Marketplace. The controversy over the Path app, which siphoned off users’ contact information, cast that reputation into some doubt. Apple did later say that Path’s actions violated its guidelines and said that any apps would require explicit user approval to access contact data in the future.

The Verge reported that Apple is working on a fix for this latest data vulnerability, citing “sources familiar with the situation.” Those unnamed sources said that Apple is likely to close the loophole with its next iOS update.

Apple did not immediately respond to a request for comment.

Related stories:

Privacy controversy over Path for iPhone, iPad should be a wake-up call

Path deletes contact data, updates app

Path app under fire for copying address books