1. TechSpot is dedicated to computer enthusiasts and power users. Ask a question and give support. Join the community here.
    TechSpot is dedicated to computer enthusiasts and power users.
    Ask a question and give support.
    Join the community here, it only takes a minute.
    Dismiss Notice

Google developer shows how any iPhone app could covertly record you

By Greg S ยท 9 replies
Oct 26, 2017
Post New Reply
  1. Managing device permissions can be tricky when there are plenty of apps in the wild asking for a screen full of privileges for seemingly mundane tasks. It was recently revealed that the Uber app for iOS has used special permissions to better optimize for Apple Watches albeit with the side effect of allowing screen recording.

    Now, iOS developer Felix Krause at Google has revealed that apps may have a lot more access than intended. Granting an app permission to use the camera on iOS, for example, allows for silent use of the camera any time an app is in focus. Users are not notified that the camera is in use and photos or videos can be immediately sent to remote servers without an additional permission request.

    One of the largest fundamental issues pointed out is that camera permissions are a one-time setting. Once permission is granted, usually at the first launch after installation, the access is never removed unless a user specifically goes into their settings to revoke it. Users often forget what permissions they grant to an app and are unlikely to think about which apps are capable of creating privacy issues.

    A proof of concept app has been created to show how any app with camera permissions is able to secretly record a user. The app has the user take a picture for a demonstration social media site and then scroll through a news feed. After scrolling through the feed, app users will start to see pictures of themselves while browsing. Facial recognition can also be run from the captured images to identify the user and locate other pictures of them online.

    The demo app is available on GitHub and can be safely tested on iOS devices. As a solution to the issue, Krause proposes offering temporary permissions to apps when sharing pictures is needed. A status icon could be added to show when cameras are in use. For future iPhones, a status LED could be added that is triggered when the camera sensor is in use.

    For now, the only sure solution to preventing unwanted recording is physically blocking the cameras on your device. Even CEOs such as Mark Zuckerberg have resorted to putting tape over webcams to ensure that privacy is maintained.

    Permalink to story.

     
  2. amstech

    amstech IT Overlord Posts: 2,033   +1,228

    Yup.
    Any smartphone at any time can be hacked.
    Say cheese!
     
  3. OutlawCecil

    OutlawCecil TS Guru Posts: 567   +410

    Hacking is actually an old method. The new up and coming thing is to get users to "allow" you in. This scam is being used in sooooo many ways right now because users are gullible and will give permission for about anything just because it's requested.
     
    Reehahs and Capaill like this.
  4. Skidmarksdeluxe

    Skidmarksdeluxe TS Evangelist Posts: 8,647   +3,284

    And Android can't be affected??? Like hell it can't.
     
  5. drjekelmrhyde

    drjekelmrhyde TS Guru Posts: 310   +92

    They should let Apple know on the low, and get back to fixing their own shiat. Did they even patch up the WiFi bug yet?
     
    Reehahs likes this.
  6. Google is a competitor to Apple thru Android, and what does Google have to do with the WiFi bug? No more than Microsoft, Apple or anyone else
     
  7. wiyosaya

    wiyosaya TS Evangelist Posts: 3,289   +1,718

    WOW! What a surprise this is! /sarcasm
     
  8. MonsterZero

    MonsterZero TS Evangelist Posts: 546   +297

    If you're referring to the WPA KRACK, that's a consumer wide issue affecting a range of hardware and software, not specifically a Google issue.

    What's more important here is that Apple didn't find this Camera issue on its own.
     
  9. Danny101

    Danny101 TS Guru Posts: 577   +231

    Even oem Android apps ask for too many permissions. Why can't I use a portion of the app if I need it? If I reach a point where that permission is needed, then I'll allow it, and possibly turn it back off. No, I have to allow all permissions just to use the app at all. Google, Apple. before you talk to government about privacy, how about making good on our concerns about what you're doing with it.
     
    wiyosaya likes this.
  10. erickmendes

    erickmendes TS Evangelist Posts: 500   +220

    *inserto face-palm here...*
    People think wifi bug is Google's fault... Oh the horror.
     

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...