This alarming privacy concern in Apple’s mobile operating system was highlighted by an Austrian developer and Google engineer, Felix Krause, who detailed the issue in his blog post published Wednesday which states that iPhone apps can take photos without permission.
The iPhone has a serious privacy concern that basically allows IOS app developers to take photos and record videos using your front and back camera secretly without your consent.
Krause said, that it is in the way Apple’s software handles camera access.
Apparently, there is a legitimate reason for many apps, such as Facebook, WhatsApp, and Snapchat, to request access to your camera, in an effort to take a photo within the app.
Just so you kow, this permissions system is not a bug or a flaw instead it is a feature, and it works exactly in the way Apple has designed it, but the Austrian developer, Krause, said any malicious app could take advantage of this feature to silently record users activities.
Granting camera permission could enable iOS app developers to access:
- both the front and the back camera of your device,
- photograph and record you at any time the app is in the foreground,
- upload the recorded and captured content immediately, and
- run real-time face detection to read your facial expressions.
Interesting how all of these are done without warning or alerting you in any way.
Since Apple only requires users to enable camera access one time when they are asked to grant blanket permission to an app and gives free access to the camera without requiring any LED light or notification, Krause explained that a malicious app could leverage this loophole to go far beyond its intended level of access to spy on users.
The researcher has even developed a proof-of-concept app only to demonstrate how a malicious app could abuse such permissions to silently take your pictures every second as you use the app, or even live stream video of your surrounding from your front and rear cameras without notifying you.
Krause said his “goal [to build the demo app] is to highlight a privacy loophole that can be abused by iOS apps.”
Krause has also provided a short video demonstration of the issue, which shows the demo app taking photographs of the person using it every second. The app also included a facial recognition system to detect the person using it.
The researcher warned that such a rogue app could record “stunning video material from bathrooms around the world, using both the front and the back camera, while the user scrolls through a social feed or plays a game.”
How to Protect Your Privacy?
There is a little user can do to protect them.
Krause recommended Apple to introduce a way to grant temporary permissions to access the camera, allowing apps to take a picture during a limited period of time, and then revokes it after that.
Another way is to introduce a warning light or notification to the iPhone that informs people when they are being recorded.
Most importantly, do not let any malicious app enter your smartphone. For this, always download apps from an official app store and read reviews left by other users about the app and its developer.