Apple's Beats brand in April unveiled the Powerbeats Pro, a redesigned wire-free version of its popular fitness-oriented Powerbeats earbuds.
MacBook Pro Updates
Developer Warns That Granting iPhone Camera Permissions Allows Apps to Secretly Capture You
Following the demonstration of a phishing attack that used Apple-style password requests to get into an iPhone user's Apple ID account, developer Felix Krause this week has detailed another proof-of-concept project, this time focused on the iPhone's cameras.
Krause warned that any time you grant an app permission to access your iPhone's front and back cameras, the app can secretly take pictures and videos of you as long as it's running in the foreground (via Motherboard).
Similar to his previous blog post, Krause's camera privacy project isn't about disclosing a new iOS bug, but more about warning users that this kind of privacy violation is possible within iOS. Many apps regularly request permission to the camera in iOS, allowing users to post photos from their Camera Roll, take a picture within the app without leaving it, and more.
Krause explained that with these permissions granted to a malicious app, the iPhone's front and back cameras can be turned on when that app is running. From there it could record content, upload it online, and even run real-time facial recognition software to detect emotions, all without indicating that your iPhone is recording you or your surroundings.
Image via Felix Krause
Krause created a demo called watch.user to further emphasize his point, creating a fake social network app that tracks the user. As you browse, Krause explained, "you'll suddenly see pictures of yourself, taken a few seconds ago while you scrolled through the feed." In the image above, he explained that with a vision framework in iOS 11 a developer could even map someone's face to track their expressions, and Krause's mapping software displayed a corresponding emoji as a further proof of concept.
The developer said that there are "only a few things you can do" to potentially prevent this from happening, including purchasing camera covers to place over your iPhone's lenses. Otherwise, you have to revoke camera access for all apps -- which would greatly hinder the usefulness of many apps -- and instead always use Apple's built-in Camera app.
Krause reported the issue to Apple, and mentioned a few ways it could be potentially addressed:
Krause warned that any time you grant an app permission to access your iPhone's front and back cameras, the app can secretly take pictures and videos of you as long as it's running in the foreground (via Motherboard).
Similar to his previous blog post, Krause's camera privacy project isn't about disclosing a new iOS bug, but more about warning users that this kind of privacy violation is possible within iOS. Many apps regularly request permission to the camera in iOS, allowing users to post photos from their Camera Roll, take a picture within the app without leaving it, and more.
Krause explained that with these permissions granted to a malicious app, the iPhone's front and back cameras can be turned on when that app is running. From there it could record content, upload it online, and even run real-time facial recognition software to detect emotions, all without indicating that your iPhone is recording you or your surroundings.
Krause created a demo called watch.user to further emphasize his point, creating a fake social network app that tracks the user. As you browse, Krause explained, "you'll suddenly see pictures of yourself, taken a few seconds ago while you scrolled through the feed." In the image above, he explained that with a vision framework in iOS 11 a developer could even map someone's face to track their expressions, and Krause's mapping software displayed a corresponding emoji as a further proof of concept.
The developer said that there are "only a few things you can do" to potentially prevent this from happening, including purchasing camera covers to place over your iPhone's lenses. Otherwise, you have to revoke camera access for all apps -- which would greatly hinder the usefulness of many apps -- and instead always use Apple's built-in Camera app.
Krause reported the issue to Apple, and mentioned a few ways it could be potentially addressed:
- Offer a way to grant temporary access to the camera (e.g. to take and share one picture with a friend on a messaging app), related to detect.location.To double check which apps have access to your iPhone's cameras and photo library, navigate to the Settings app in iOS, tap Privacy, and there you'll find Photos and Camera. Apps that you've granted access to each will be listed, and you can change settings with toggles or choosing to "Never" allow access. As a point of emphasis, Krause's project isn't a bug or a major security breach you need to worry about, but it is a good reminder to ensure the apps you grant camera access to are trustworthy.
- Show an icon in the status bar that the camera is active, and force the status bar to be visible whenever an app accesses the camera
- Add an LED to the iPhone’s camera (both sides) that can’t be worked around by sandboxed apps, which is the elegant solution that the MacBook uses
Related Roundup: iPhone 8
[ 161 comments ]
Top Rated Comments
(View all)
21 months ago
This is exactly why I parade around in front of my iPhone in the nude ...
Yes, we know.
21 months ago
Newsflash:
Allowing an app to use the camera will allow the app to the camera !!!!!!!
*doh*
Solution:
Deny such request for any app that doesn't NEED the camera.
If the app asks again -> delete
Allowing an app to use the camera will allow the app to the camera !!!!!!!
*doh*
Solution:
Deny such request for any app that doesn't NEED the camera.
If the app asks again -> delete
21 months ago
A couple of sarky comments along the lines of "If you grant permission, then duh". The problem is that it is recording covertly, while you are browsing normal content. There's no need to be a dick about it, there are numerous apps out there that you grant camera permission to, kids will use filter apps to edit their pics etc. How about when you're on the can browsing through an Instagram style app viewing content, totally oblivious to the fact that it is recording the whole thing? The ideal solution is the LED that the MacBooks have. Having that tie in with a notification light for the OS would be even better.
21 months ago
So the app that was explicitly granted permission to use the camera can use it while you actively use the app? OUTRAGE!
I could see that as an issue if it would be able to still use the camera in the background - but it doesn’t!
So what’s the issue?
And iOS 11 introduced separate permissions for using camera and accessing photos - so apps can be more granular at permissions.
I could see that as an issue if it would be able to still use the camera in the background - but it doesn’t!
So what’s the issue?
And iOS 11 introduced separate permissions for using camera and accessing photos - so apps can be more granular at permissions.
21 months ago
This is exactly why I parade around in front of my iPhone in the nude ...
I wonder if these app developers that do such things could go to jail for underage naked photos if one of the many under 18 phone users was nude while using their app.
21 months ago
an LED indicator is the perfect solution, I hope apple adds that to future iPhone, iPads and iPods.
21 months ago
Another option for addressing the issue:
* An app must show an image of what the camera sees whenever the camera is active
* An app must show an image of what the camera sees whenever the camera is active
[ Read All Comments ]
For this week's giveaway, we've teamed up with Throwboy to offer MacRumors readers a chance to win a pillow from the Iconic Pillow Collection, which features plush, pillow versions of classic...
Just days ahead of WWDC 2019, freelance graphic designer Álvaro Pabesio has shared a new iOS 13 concept that envisions many features and changes rumored for the software update, including a...
Google has incorporated food ordering features into its mobile apps, allowing iOS and Android users to order food directly from a range of companies without having to install an additional app or...
Following the release of iOS 12.3 on May 13, Apple has stopped signing iOS 12.2, the previous version of iOS that was available to consumers.
iPhone, iPad, and iPod touch owners who have...
Apple's latest Apple Pay promotion includes $1 tacos from Taco Bell when using Apple Pay to pay for an order in the Taco Bell app in the United States.
The new offer, which was...
Spansive, a company developing new wireless charging technology, today announced the launch of the Spansive Source, a multi-phone wireless charging accessory that's designed for families.
...
Back in March, Apple launched the new 10.5-inch iPad Air with Touch ID, a headphone jack, A12 Bionic processor, support for the Apple Pencil, and compatibility with the Smart Keyboard. Today, B&H...
A security researcher found a flaw in Instagram's website that caused thousands of users' email addresses and phone numbers to be exposed online for several weeks, it was revealed on...
