Google developer shows how any iPhone app could covertly record you

Greg S

TS Evangelist

Managing device permissions can be tricky when there are plenty of apps in the wild asking for a screen full of privileges for seemingly mundane tasks. It was recently revealed that the Uber app for iOS has used special permissions to better optimize for Apple Watches albeit with the side effect of allowing screen recording.

Now, iOS developer Felix Krause at Google has revealed that apps may have a lot more access than intended. Granting an app permission to use the camera on iOS, for example, allows for silent use of the camera any time an app is in focus. Users are not notified that the camera is in use and photos or videos can be immediately sent to remote servers without an additional permission request.

One of the largest fundamental issues pointed out is that camera permissions are a one-time setting. Once permission is granted, usually at the first launch after installation, the access is never removed unless a user specifically goes into their settings to revoke it. Users often forget what permissions they grant to an app and are unlikely to think about which apps are capable of creating privacy issues.

A proof of concept app has been created to show how any app with camera permissions is able to secretly record a user. The app has the user take a picture for a demonstration social media site and then scroll through a news feed. After scrolling through the feed, app users will start to see pictures of themselves while browsing. Facial recognition can also be run from the captured images to identify the user and locate other pictures of them online.

The demo app is available on GitHub and can be safely tested on iOS devices. As a solution to the issue, Krause proposes offering temporary permissions to apps when sharing pictures is needed. A status icon could be added to show when cameras are in use. For future iPhones, a status LED could be added that is triggered when the camera sensor is in use.

For now, the only sure solution to preventing unwanted recording is physically blocking the cameras on your device. Even CEOs such as Mark Zuckerberg have resorted to putting tape over webcams to ensure that privacy is maintained.

Permalink to story.

 

OutlawCecil

TS Evangelist
Yup.
Any smartphone at any time can be hacked.
Say cheese!
Hacking is actually an old method. The new up and coming thing is to get users to "allow" you in. This scam is being used in sooooo many ways right now because users are gullible and will give permission for about anything just because it's requested.
 
  • Like
Reactions: Reehahs and Capaill
S

senketsu

They should let Apple know on the low, and get back to fixing their own shiat. Did they even patch up the WiFi bug yet?
Google is a competitor to Apple thru Android, and what does Google have to do with the WiFi bug? No more than Microsoft, Apple or anyone else
 

MonsterZero

TS Evangelist
They should let Apple know on the low, and get back to fixing their own shiat. Did they even patch up the WiFi bug yet?
If you're referring to the WPA KRACK, that's a consumer wide issue affecting a range of hardware and software, not specifically a Google issue.

What's more important here is that Apple didn't find this Camera issue on its own.
 

Danny101

TS Guru
Even oem Android apps ask for too many permissions. Why can't I use a portion of the app if I need it? If I reach a point where that permission is needed, then I'll allow it, and possibly turn it back off. No, I have to allow all permissions just to use the app at all. Google, Apple. before you talk to government about privacy, how about making good on our concerns about what you're doing with it.
 
  • Like
Reactions: wiyosaya