I can see your point on some apps, such as Google Authenticator, which is why I grant then revoke when done. I think this article really makes a point of how clueless most users are; they simply grant access without thinking.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Developer Warns That Granting iPhone Camera Permissions Allows Apps to Secretly Capture You
- Thread starter MacRumors
- Start date
- Sort by reaction score
the proof of concept would be submitting his app to the appstore, getting it accepted and then showing it is still working. instead, it is much easier to to al lkind of stuff with a side-loaded rogue home made app. and generating publicity around yourself. the second time already
Are you freaking serious? I am asking this as a serious question. Do you understand what a smartphone is, that an image picture taken from the camera is nothing but data and how all this connects to the internet?
This is the biggest non-story and waste of Google time to create a non-event in the life of Google. And that is saying something.
They should. It’s essentially spying and recording underage nudity, which ultimately thay have possession.
Whats to stop some pervert like jarrod from subway creating a kids app for this sole purpose masked as somerhing else.
There's several issues.
This seems to be a design flaw with Apple's approach to cameras on iOS devices. No indication that the camera is in use is the big one. And as more and more people come into the iOS camp, at every age level, there's going to be an increase in malicious apps. Despite their best efforts, Apple will not be able to catch every single one, and alternative, non-vetted, app stores will pop up eventually to server the growing demand for apps.
And think about iPads and Apple Watches (once they gain camera functionality)... two more possible vectors for misusing cameras by malicious developers.
[doublepost=1509027799][/doublepost]
But it's a very clear indication that the camera is in use. iOS now has picture-in-picture views, which would be perfect for this type of thing. If an app does not display the camera image anywhere on screen, then iOS could force open a picture-in-picture every time the camera is active.
Some people really don't understand that if you grant camera access to an app, and that app is running in the foreground, that app can potentially capture photos and do something with them?
Know your apps. And don't grant camera access to apps/developers you don't feel comfortable with.
Know your apps. And don't grant camera access to apps/developers you don't feel comfortable with.
Of course, but anyone should realize that if you are granting an app access to your camera it can, theoretically, access it almost any time. It's like if I trust someone with a key to my home, it's not like the key will only work when I tell it to. You either have to trust the app developers or cover your cameras with tape.
I don't want to use the word "paranoid" but anyone who has serious concerns about privacy and doesn't trust anyone probably shouldn't own a cell phone. When you get right down to it, it's a device that is designed to capture audio and visual information, transmit and receive information, and report its location.
iOS11 displays a mini-screen shot to the lower left of the ; Apple could presumably invoke a high level camera response in the system software anytime the camera is accessed that shows a mini camera view on top of whatever the active app (maybe in the lower left so it doesn't obstruct an app) to show that that the camera is active and which one is in use (forward or rear). This would be similar to the view of yourself when doing a FaceTime call.
If the user sees window and did not want their picture/video captured , they could immediately close the malicious app.
Additionally, Apple could allow the user to touch the displayed mini-image (which could be capturing/sending live data to the malicious app) and when the displayed mini-image is touched, the mini-image grows to almost completely cover the screen and includes system-level software buttons, one of which says "turn off camera"? If pressed, the cameras turn off (in the active app) and the user can continue to stay in the app (assuming they still get value from the App but don't like the camera capturing them without their explicit consent).
Another software button in the camera mini-system-app might says "use camera, close this window"; to this, the app would continue running the camera but get rid of the visual obstruction of the mini-camera window.
The user could be offered to let the app use the camera (1) only when in the app, or (2) in the background (allowing the user to go to a different app but let the camera continue capturing info if the user and app developer want that experience.
Did the developer also warn that allowing people access to water may make them wet?
What if the point of the app is to act as a trip camera? The last thing you want (animal photography for example) is to have any notification.
There is no story here.
I’m not going to act as if I understand the coding that is behind all of this, because I don’t.
However, they are two separate acts - the camera possibly being active and the uploading of the data to an off-the-device location.
So, to the layperson - there is no way possible to only limit the uploading of data to an action physically initiated by the user?
Idk why people are so negative about a basic PSA. He didn't attack apple or their practices. He is just proving suggestions on how he things the permission system can be better. You know, especially for the 90% of Iphone users who aren't tech savy and probably will be downloading shady apps.
Surely, if you don't trust an app enough to not be taking pictures of you, what the hell is it still doing on your phone?
Careful, I said as much during the last few TOS related posts about how nobody has any privacy, even here on this very forum. People went nuts. You can’t take away their illusion, reality doesn’t sit well lol.
Everything you do is monitored. Anywhere you go, the govt could easily locate you in minutes. There literally is no privacy. I don’t care what apps take my photos, street cams walking outside at the stop lights do too.
Prodded by this post, I looked at my Privacy.Photos history:
And found (all turned off):
Yes, they were all denied when asked, but there is no reasonable use case where access to my photos library should have been requested.
And found (all turned off):
- WSJ
- Scan
- Target
- Walgreens
Yes, they were all denied when asked, but there is no reasonable use case where access to my photos library should have been requested.
If you read the article you would know that this is already the case, i.e. apps can ONLY access the camera when in the foreground.
No, it's in fact very unlikely that Facebook is already doing this or that they would do it.
Yes it does. What they are suggesting is that ANY capture of image data MUST be displayed somewhere on screen while it happens. Although this is, as other people explained, not really possible to enforce in a meaningful way.
It's the same on Android and Windows as well.
Seems to me that the easiest way forward would be to split the camera permissions into two. One for the rear camera, which many apps need even if just as a one-off to scan a QR code, and one for the front camera.
That is already the case. An app can't use the camera while in the background, ever.
[doublepost=1509034282][/doublepost]
I think you are confusing two different Uber issues. Uber was secretly tracking people, without Apple's permission, until they got caught. Apple granted Uber permission to capture screen shots in the background so they could send a map image to an Apple Watch. Nothing nefarious was discovered about that and they have since stopped doing it.