iOS Apps With Camera Permissions Can Take Photos, Video Without User’s Knowledge
Apple prides itself in the ability of iOS to keep its users safe and secure, but as is always the case with software, it is simply impossible to make everything 100% safe. That has been reaffirmed after a Google engineer shared a demo app that is able to take photos and record video whenever it is in the foreground without the user ever knowing it is happening.
With iOS, any app that requires access to the device’s camera has to show a dialog box asking for permission, and it has been this way for a while. However, as developer Felix Krause has shown in video form, a rogue app could ask for permission for seemingly innocuous reasons only to then violate the user’s trust by capturing video or stills without the user’s knowledge.
The issue is that once permission has been given, the app can do pretty much whatever it wants, whenever it wants so long as it is in the foreground. The possibilities are pretty scary, with apps able to, in theory, watch a user’s reaction to a particular ad that may be playing in order to collect feedback. According to Krause, there are a couple of options available to Apple, although a third would be possible if there was more room on an iPhone’s forehead – simply put, a notification light up there that would be engaged with when the camera is active in a similar way to how Macs behave. That’s unlikely to happen, so Apple’s other options are:
Offer a way to grant temporary access to the camera (e.g. to take and share one picture with a friend on a messaging app) [or] show an icon in the status bar that the camera is active, and force the status bar to be visible whenever an app accesses the camera.
The only safeguard in place as of now is Apple’s app review process, which should, hopefully, capture any app that was to try something like this. However, we do know that the processes within Apple are not infallible, as shown by Uber’s ability to continue to track users even after their rides had ended.