Share this article:
A new warning has been issued to iPhone users. Apps downloaded to the smartphones can turn on the phone's camera and take pictures at any time, and it's doing it secretly.
Felix Krause, an Austrian developer who works for Google, built an app that was able to take pictures of its user every second and upload them, without the app or the phone ever notifying the user.
He called it a "privacy loophole that can be abused by iOS apps." When an app wants to access the camera, for example, to scan a credit card or take a profile picture during the set-up process, the iPhone user must give the app permission to access the camera, in the same way that apps must ask to access the camera roll, location, and contact information and to send notifications.
Once allowed, it has to be turned off via the settings menu. But most don't do that.
Apple has now been urged to change the way in which iPhone apps are granted access to the phone's camera after Krause boldly demonstrated how the apps can secretly record photos and videos without the user knowing. Krause said that once an app has been granted initial access, it can take photos and videos whenever it is opened up.
Unlike on Mac computers, which have a small green light next to the camera when it is being used, there is no indication that an app is recording videos or taking photos, or when it sends them elsewhere.
The system works similarly with Android phones, but Krause's apps were made specifically for iPhones. Google has recently deleted several apps that surreptitiously recorded users and masqueraded as legitimate apps.
The app permissions are indefinite too. They apply to both the front and back camera, as well a video. Allowing camera permissions can grant extra access in the latest version of iOS, which has a facial recognition engine that could allow apps to detect emotions.
The permissions system is not a bug or a flaw either. It works in exactly the way Apple has designed it to. Krause said malicious apps could take advantage of the permissions system to surreptitiously record users at any time.
He warned that other apps could monitor users' emotions as they scroll through a social network news feed, record what they are saying, or live stream video of them in the bathroom as they tap away at a smartphone game.
Krause suggested that Apple introduce a system of temporary permissions. One which allows apps to take a picture during the set-up process, but revokes it after a period of time. Or they could introduce a warning light or notification to the iPhone that tells people when they are being recorded.
Originally published at SHTFplan.com
- republished with permission.