There is no security breach here. In iOS 11, the standard photo picker runs in a separate process. When the user picks a photo, one-time access to that single photo is give. To the app. Since the user is picking the photo, and can just cancel, no separate permission is needed.<p><a href="https://stackoverflow.com/q/46404628/77567" rel="nofollow">https://stackoverflow.com/q/46404628/77567</a>