Developer Warns That Granting iPhone Camera Permissions Allows Apps to Secretly Capture You

Following the demonstration of a phishing attack that used Apple-style password requests to get into an iPhone user's Apple ID account, developer Felix Krause this week has detailed another proof-of-concept project, this time focused on the iPhone's cameras.

Krause warned that any time you grant an app permission to access your iPhone's front and back cameras, the app can secretly take pictures and videos of you as long as it's running in the foreground (via Motherboard).

iphone8designcameras
Similar to his previous blog post, Krause's camera privacy project isn't about disclosing a new iOS bug, but more about warning users that this kind of privacy violation is possible within iOS. Many apps regularly request permission to the camera in iOS, allowing users to post photos from their Camera Roll, take a picture within the app without leaving it, and more.

Krause explained that with these permissions granted to a malicious app, the iPhone's front and back cameras can be turned on when that app is running. From there it could record content, upload it online, and even run real-time facial recognition software to detect emotions, all without indicating that your iPhone is recording you or your surroundings.

watch user screenshot


Krause created a demo called watch.user to further emphasize his point, creating a fake social network app that tracks the user. As you browse, Krause explained, "you'll suddenly see pictures of yourself, taken a few seconds ago while you scrolled through the feed." In the image above, he explained that with a vision framework in iOS 11 a developer could even map someone's face to track their expressions, and Krause's mapping software displayed a corresponding emoji as a further proof of concept.

The developer said that there are "only a few things you can do" to potentially prevent this from happening, including purchasing camera covers to place over your iPhone's lenses. Otherwise, you have to revoke camera access for all apps -- which would greatly hinder the usefulness of many apps -- and instead always use Apple's built-in Camera app.


Krause reported the issue to Apple, and mentioned a few ways it could be potentially addressed:

- Offer a way to grant temporary access to the camera (e.g. to take and share one picture with a friend on a messaging app), related to detect.location.

- Show an icon in the status bar that the camera is active, and force the status bar to be visible whenever an app accesses the camera

- Add an LED to the iPhone’s camera (both sides) that can’t be worked around by sandboxed apps, which is the elegant solution that the MacBook uses

To double check which apps have access to your iPhone's cameras and photo library, navigate to the Settings app in iOS, tap Privacy, and there you'll find Photos and Camera. Apps that you've granted access to each will be listed, and you can change settings with toggles or choosing to "Never" allow access. As a point of emphasis, Krause's project isn't a bug or a major security breach you need to worry about, but it is a good reminder to ensure the apps you grant camera access to are trustworthy.

Top Rated Comments

D.T. Avatar
55 months ago
This is exactly why I parade around in front of my iPhone in the nude ...
Score: 58 Votes (Like | Disagree)
macguru212 Avatar
55 months ago
This is exactly why I parade around in front of my iPhone in the nude ...
Yes, we know.
Score: 39 Votes (Like | Disagree)
Bug-Creator Avatar
55 months ago
Newsflash:

Allowing an app to use the camera will allow the app to the camera !!!!!!!


*doh*

Solution:
Deny such request for any app that doesn't NEED the camera.
If the app asks again -> delete
Score: 25 Votes (Like | Disagree)
Futurix Avatar
55 months ago
So the app that was explicitly granted permission to use the camera can use it while you actively use the app? OUTRAGE!

I could see that as an issue if it would be able to still use the camera in the background - but it doesn’t!
So what’s the issue?

And iOS 11 introduced separate permissions for using camera and accessing photos - so apps can be more granular at permissions.
Score: 23 Votes (Like | Disagree)
HacKage Avatar
55 months ago
A couple of sarky comments along the lines of "If you grant permission, then duh". The problem is that it is recording covertly, while you are browsing normal content. There's no need to be a dick about it, there are numerous apps out there that you grant camera permission to, kids will use filter apps to edit their pics etc. How about when you're on the can browsing through an Instagram style app viewing content, totally oblivious to the fact that it is recording the whole thing? The ideal solution is the LED that the MacBooks have. Having that tie in with a notification light for the OS would be even better.
Score: 23 Votes (Like | Disagree)
Hater Avatar
55 months ago
This is exactly why I parade around in front of my iPhone in the nude ...
I wonder if these app developers that do such things could go to jail for underage naked photos if one of the many under 18 phone users was nude while using their app.
Score: 15 Votes (Like | Disagree)

Popular Stories

iPhone 14 Mock pill and hole thumb

ProMotion Now Expected to Remain Exclusive to iPhone 14 Pro Models, Not Expand to Entire Lineup

Sunday January 16, 2022 8:56 am PST by
Continuing the tradition set with the iPhone 13 Pro, only the highest-end iPhone 14 models will feature Apple's ProMotion display technology, according to a respected display analyst. Ross Young, who on multiple occasions has detailed accurate information about Apple's future products, said in a tweet that ProMotion will not be expanded to the entire iPhone 14 lineup and will remain...
AirPods Pro Gen 3 Mock Feature Red

AirPods Pro 2 Could Start a New Accessory Ecosystem

Friday January 14, 2022 2:34 am PST by
Apple's second-generation AirPods Pro could arrive alongside a new series of accessories, recent leaked images suggest. Alleged leaked photos of the next-generation AirPods Pro obtained by MacRumors showed a charging case with a metal loop on the side for attaching a strap. Apple has not used this design for any of its other AirPod models and it is unclear why it would be added in this...
Unlikely Products 2022 Feature

Six Rumored Apple Products You're Unlikely to See This Year

Saturday January 15, 2022 2:06 pm PST by
Much has been said about what consumers could see from Apple in 2022, but the company is also working on a handful of rumored products that aren't expected to be unveiled for at least another 12 months, and in some cases a lot longer. Of course, that's assuming they get released at all. Apple works on many potential products some of which ultimately never see the light of day. With that in...
safari icon blue banner

Safari Bug Allows Websites to Track Your Recent Browsing Activity in Real Time

Sunday January 16, 2022 3:37 pm PST by
A bug in WebKit's implementation of a JavaScript API called IndexedDB can reveal your recent browsing history and even your identity, according to a blog post shared on Friday by browser fingerprinting service FingerprintJS. In a nutshell, the bug allows any website that uses IndexedDB to access the names of IndexedDB databases generated by other websites during a user's browsing session....
ipad air 4 video

New iPad Air Rumored to Launch This Spring With A15 Chip, 5G, Center Stage Camera, and More

Saturday January 15, 2022 8:05 pm PST by
Apple is planning to release a fifth-generation iPad Air with similar features as the sixth-generation iPad mini, including an A15 Bionic chip, 12-megapixel Ultra Wide front camera with Center Stage support, 5G for cellular models, and Quad-LED True Tone flash, according to Japanese blog Mac Otakara. Citing reliables sources in China, the report claims that the new iPad Air could be...
netflix2

Netflix Again Raises Prices for All Plans, 4K Streaming Now $20 Per Month

Friday January 14, 2022 12:46 pm PST by
Netflix today updated the prices for its streaming plans, and all of its offerings are now more expensive. The Basic plan is now priced at $9.99 per month, the Standard plan is priced at $15.49 per month, and the Premium plan is priced at $19.99 per month. The Basic plan is $1 more expensive, up from $8.99 per month. This plan allows users to watch on just one screen at a time, and it limits ...
top stories 20220115

Top Stories: iPhone 14 Pro Rumors, iCloud Private Relay Controversy, iOS 15.2.1 Released, and More

Saturday January 15, 2022 6:00 am PST by
Hole-punch? Pill? Hole-punch and pill? Rumors about what the front camera system on the iPhone 14 Pro will look like are evolving rapidly, and it now appears we might be getting a novel but potentially controversial design later this year. Other major stories this week included some confusion and controversy about iCloud Private Relay being disabled for some T-Mobile customers, increasing...
iPhone 14 Mock pill and hole 16x9 120hz

Analyst: All iPhone 14 Models to Feature 120Hz Displays, 6GB of RAM, and More

Friday January 14, 2022 7:02 am PST by
Apple is rumored to announce four new iPhone 14 models in September, and ahead of time, analyst Jeff Pu has outlined his expectations for the devices. In a research note with Haitong International Securities, obtained by MacRumors, Pu claimed that all iPhone 14 models will feature ProMotion displays, compared to only Pro models currently. ProMotion enables a variable refresh rate up to 120Hz ...