Sure, but some apps allow you to choose once and henceforth save all photos sent to you. That provides a vector for someone to inject things into your iCloud.
However, I find this risk exaggerated because if someone actually does this, you can just block the app’s ability to access your camera roll in the privacy settings or stop using the app. And report the user to the service, of course.
However, I find this risk exaggerated because if someone actually does this, you can just block the app’s ability to access your camera roll in the privacy settings or stop using the app. And report the user to the service, of course.