There have been several examples of malicious apps that surreptitiously access a handset’s camera while running in the background, but this won’t be an issue in Android P, according to XDA Developers.
We’re still waiting for the official unveiling of the next version of Android, known internally as 'Pistachio Ice Cream,' but an Android Open Source Project commit appears to have revealed a new rule that would stop idle background apps taking photos.
The rule targets apps’ UIDs (User IDs)—unique identifiers that Android assigns to each new application at the time of its installation. With Android P, the camera can detect if a UID is ‘idle,’ at which point it will generate an error and shut off its access to the camera.
Back in January, security firm Kaspersky Lab uncovered a spyware tool that it called one of the most powerful and advanced forms of mobile malware ever. Skygofree is advertised as a piece of software that increases the internet speeds of those who download it, but among the many malicious activities it can perform is the ability to turn on a front-facing camera and take photos of someone when they unlock their device.
While Oreo does require apps using the camera to display a notification, some users ignore or attempt to disable these warnings. Android P should improve owner security by simply blocking background apps’ ability to take photos.
Some commentators have noted that the feature could have a downside. Anti-theft apps such as Cerberus, which takes a photo of someone when they try to unlock a device and enter the wrong pin, might be affected, though there will likely be ways of whitelisting these applications.
In other Android P news, it was reported earlier this month that the updated OS is being designed to support iPhone X-style notches in upcoming Android handsets.