Developer Warns That Granting iPhone Camera Permissions Allows Apps to Secretly Capture You

Following the demonstration of a phishing attack that used Apple-style password requests to get into an iPhone user's Apple ID account, developer Felix Krause this week has detailed another proof-of-concept project, this time focused on the iPhone's cameras.

Krause warned that any time you grant an app permission to access your iPhone's front and back cameras, the app can secretly take pictures and videos of you as long as it's running in the foreground (via Motherboard).

iphone8designcameras
Similar to his previous blog post, Krause's camera privacy project isn't about disclosing a new iOS bug, but more about warning users that this kind of privacy violation is possible within iOS. Many apps regularly request permission to the camera in iOS, allowing users to post photos from their Camera Roll, take a picture within the app without leaving it, and more.

Krause explained that with these permissions granted to a malicious app, the iPhone's front and back cameras can be turned on when that app is running. From there it could record content, upload it online, and even run real-time facial recognition software to detect emotions, all without indicating that your iPhone is recording you or your surroundings.

watch user screenshot


Krause created a demo called watch.user to further emphasize his point, creating a fake social network app that tracks the user. As you browse, Krause explained, "you'll suddenly see pictures of yourself, taken a few seconds ago while you scrolled through the feed." In the image above, he explained that with a vision framework in iOS 11 a developer could even map someone's face to track their expressions, and Krause's mapping software displayed a corresponding emoji as a further proof of concept.

The developer said that there are "only a few things you can do" to potentially prevent this from happening, including purchasing camera covers to place over your iPhone's lenses. Otherwise, you have to revoke camera access for all apps -- which would greatly hinder the usefulness of many apps -- and instead always use Apple's built-in Camera app.


Krause reported the issue to Apple, and mentioned a few ways it could be potentially addressed:

- Offer a way to grant temporary access to the camera (e.g. to take and share one picture with a friend on a messaging app), related to detect.location.

- Show an icon in the status bar that the camera is active, and force the status bar to be visible whenever an app accesses the camera

- Add an LED to the iPhone’s camera (both sides) that can’t be worked around by sandboxed apps, which is the elegant solution that the MacBook uses

To double check which apps have access to your iPhone's cameras and photo library, navigate to the Settings app in iOS, tap Privacy, and there you'll find Photos and Camera. Apps that you've granted access to each will be listed, and you can change settings with toggles or choosing to "Never" allow access. As a point of emphasis, Krause's project isn't a bug or a major security breach you need to worry about, but it is a good reminder to ensure the apps you grant camera access to are trustworthy.

Related Forums: iOS 11, iPhone

Popular Stories

space black mbp

Apple Potentially Facing Worst Leak Since iPhone 4 Was Left in a Bar

Monday October 7, 2024 3:03 pm PDT by
Alleged photos and videos of an unannounced 14-inch MacBook Pro with an M4 chip continue to surface on social media, in what could be the worst product leak for Apple since an employee accidentally left an iPhone 4 prototype at a bar in California in 2010. The latest video of what could be a next-generation MacBook Pro was shared on YouTube Shorts today by Russian channel Romancev768, just...
Alleged M4 MacBook Pro Leak Video

Alleged M4 MacBook Pro Unboxing Video Reveals These Four Upgrades

Sunday October 6, 2024 6:10 pm PDT by
An alleged unboxing video for an unannounced 14-inch MacBook Pro with the M4 chip was uploaded to YouTube today by Russian channel Wylsacom. The video was later linked to on social media platform X by Bloomberg's Mark Gurman. It is possible that this is the same MacBook Pro box shown in photos that were shared by leaker ShrimpApplePro in late September, as he claimed that this MacBook Pro...
M4 Real Feature Red

Gurman: Apple to Launch First M4 Macs and Potentially iPad Mini 7 on November 1

Sunday October 6, 2024 6:40 am PDT by
Apple will announce several new M4 Mac models around the end of October, with the company planning to launch at least some of them as soon as Friday, November 1, according to Bloomberg's Mark Gurman. Writing in his latest Power On newsletter, Gurman said that Apple will launch a new M4 version of its low-end 14-inch MacBook Pro, as well as higher-end 14-inch and 16-inch MacBook Pro models...
watchos 11 vitals

Apple Watch Users Report Vitals App Detecting Illness Before Symptoms Appear

Monday October 7, 2024 5:34 am PDT by
Apple's new Vitals app for watchOS 11 appears to be impressing some users with its ability to detect potential illness days before symptoms manifest, according to recent reports on Reddit. The Apple Watch app, which analyzes key health metrics measured during sleep over the last seven days, appears to be providing early warnings of impending sickness for at least some Apple Watch wearers...
Generic iOS 18

Apple Plans to Release iOS 18.1 With Apple Intelligence on October 28

Sunday October 6, 2024 6:18 am PDT by
Apple intends to launch iOS 18.1 with the first set of much-anticipated Apple Intelligence features on October 28, according to Bloomberg's Mark Gurman. Writing in the latest edition of his Power On newsletter, Gurman says the release date is arriving this month later than initially expected, as Apple is reportedly taking extra time to ensure a smooth rollout and prepare its AI cloud...
Generic iOS 18

Everything New in iOS 18.1 Beta 6

Monday October 7, 2024 4:27 pm PDT by
We're nearing the end of the iOS 18.1 beta testing process, but Apple is continuing to make tweaks to refine built-in features ahead of when the software launches. With testing winding down, there are fewer new additions, but Apple has made changes worth noting. The new beta is available for both developers and public beta testers. Control Center In the Control Center, Apple has added new...
iPad mini review thumb

iPad Mini 7 Coming Next Month: What to Expect

Tuesday October 8, 2024 6:16 am PDT by
Rumors strongly suggest Apple will release the seventh-generation iPad mini in November, nearly three years after the last refresh. Here's a roundup of what we're expecting from the next version of Apple's small form factor tablet, based on the latest rumors and reports. Design and Display The new iPad mini is likely to retain its compact 8.3-inch display and overall design introduced with...

Top Rated Comments

D.T. Avatar
91 months ago
This is exactly why I parade around in front of my iPhone in the nude ...
Score: 58 Votes (Like | Disagree)
macguru212 Avatar
91 months ago
This is exactly why I parade around in front of my iPhone in the nude ...
Yes, we know.
Score: 39 Votes (Like | Disagree)
Bug-Creator Avatar
91 months ago
Newsflash:

Allowing an app to use the camera will allow the app to the camera !!!!!!!


*doh*

Solution:
Deny such request for any app that doesn't NEED the camera.
If the app asks again -> delete
Score: 25 Votes (Like | Disagree)
Futurix Avatar
91 months ago
So the app that was explicitly granted permission to use the camera can use it while you actively use the app? OUTRAGE!

I could see that as an issue if it would be able to still use the camera in the background - but it doesn’t!
So what’s the issue?

And iOS 11 introduced separate permissions for using camera and accessing photos - so apps can be more granular at permissions.
Score: 23 Votes (Like | Disagree)
HacKage Avatar
91 months ago
A couple of sarky comments along the lines of "If you grant permission, then duh". The problem is that it is recording covertly, while you are browsing normal content. There's no need to be a dick about it, there are numerous apps out there that you grant camera permission to, kids will use filter apps to edit their pics etc. How about when you're on the can browsing through an Instagram style app viewing content, totally oblivious to the fact that it is recording the whole thing? The ideal solution is the LED that the MacBooks have. Having that tie in with a notification light for the OS would be even better.
Score: 23 Votes (Like | Disagree)
Hater Avatar
91 months ago
This is exactly why I parade around in front of my iPhone in the nude ...
I wonder if these app developers that do such things could go to jail for underage naked photos if one of the many under 18 phone users was nude while using their app.
Score: 15 Votes (Like | Disagree)