It's worth reminding the average user (who has no idea) that saying yes to give an app permission to your camera, photos library, location, etc, which it asks precisely one time, means it will have full access to those in their entirety at any time as long as you have it.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Developer Warns That Granting iPhone Camera Permissions Allows Apps to Secretly Capture You
- Thread starter MacRumors
- Start date
- Sort by reaction score
It's worth reminding the average user (who has no idea) that saying yes to give an app permission to your camera, photos library, location, etc, which it asks precisely one time, means it will have full access to those in their entirety at any time as long as you have it.
Have you ever sat on the can and looked at the front facing camera in the Camera app? I do it all the time, how do you think I get all my Facebook selfies? Anyway, all you get is a giant head in the frame, not a full body shot. It's not an issue, even if you try to make it into one.
Coming next week: If you grant an app access to your microphone, it might actually record you! Your fart noises are no longer private!
Coming next week: If you grant an app access to your microphone, it might actually record you! Your fart noises are no longer private!
This is a serious issue and Apple should be pressured to respond.
This cannot be simply ignored for later.
This cannot be simply ignored for later.
I always cover my phone assuming someone is looking. There should be some cases developed to have a little door to cover front and back that slides back and forth.
[doublepost=1509035469][/doublepost]This is one of the reasons I don't use Snapchat because it always requires camera access. Delete.
[doublepost=1509035469][/doublepost]This is one of the reasons I don't use Snapchat because it always requires camera access. Delete.
I completely agree. I fail to see how this issue is substantively different from, say, Apple recording me without me being aware. Sure, they sold me a device with a camera. That doesn’t mean I give up control of said camera or Apple should be able to activate the camera any time without my knowledge.
How is this a serious issue? It is only possible while you are actively using the app (it’s not possible while an app is in the background), the iPhone made sure to tell you specifically that the app wanted to use the camera and you have to explicitly give permission for the app to do so. Will some companies maybe use the camera in ways not advertised? Sure, it’s possible, just like it’s possible for a website asking for your password to actually save that password in plaintext and upload it to nefarious websites, or for your browser to do the same.
But also, some people are saying it’ll send live video streams of whatever you are doing to someone on the internet - that would be found super fast, because that app would be using a ton of bandwidth, which is quite closely tracked on phones.
The only possible way (now) to stop uploading data to a server is Airplane Mode, and of course that is not practical. However, it is very easy for a technical person to monitor network traffic and see that a particular app is accessing the network. But if that app is supposed to access the network frequently, it is more difficult to detect malicious activity vs normal activity. Most phone apps are constantly hitting the network so it would be impractical for a user to approve every access.
While an LED on the front AND back would solve the issue, that is a manufacturing issue not likely to happen for such a silly little problem. And something in the status bar would be ugly and cumbersome for the apps that do this constantly, esp. when they hide the status bar or on an iPhone X with very little statSome indication in the Privacy settings that tell you the last time an app used the camera would be quite simple for Apple to implement.
We enable features all the time post App Review.
[doublepost=1509036584][/doublepost]
Someone didnt read the article.
Apple or an app developer can't "activate the camera any time without my knowledge" -- not unless you first give it permission. And the app must be running in the foreground. And you always have the control to revoke that access at any time.
Look - the potential for abuse is there. Sarcasm noted for a few who are shocked that a camera app wants to access the camera. That's not the issue. The issue isn't accessing the camera when it supposed to. It's accessing it when you don't know it is.
Here's the thing. In iOS 1-3 (known then as "iPhone OS"), apps could only get pictures from the user through the standard camera UI/photo picker.
But developers were complaining that it was not flexible enough and that they couldn't customize the view to overlay on stuff on top of the camera view, like custom controls and/or stuff like labels for Augmented Reality, something that was already possible on Android.
So in iOS 4 (released in 2010), Apple added the ability for apps to overlay stuff on top of the camera view.
Ever since then, it has been possible for devs to completely hide the camera view by overlaying something over it.
I don't see any way to prevent that unless Apple removes this ability, which means no more third party camera apps with custom controls and no more AR apps...
And as I mentioned, this was already possible on Android before iOS 4. Why is this suddenly news and why these proofs of concepts only seem to target iOS?
But developers were complaining that it was not flexible enough and that they couldn't customize the view to overlay on stuff on top of the camera view, like custom controls and/or stuff like labels for Augmented Reality, something that was already possible on Android.
So in iOS 4 (released in 2010), Apple added the ability for apps to overlay stuff on top of the camera view.
Ever since then, it has been possible for devs to completely hide the camera view by overlaying something over it.
I don't see any way to prevent that unless Apple removes this ability, which means no more third party camera apps with custom controls and no more AR apps...
And as I mentioned, this was already possible on Android before iOS 4. Why is this suddenly news and why these proofs of concepts only seem to target iOS?
But it doesn't work if the app is running in the background....so prevention would be to simply close the sketchy app you're using, making the underlined completely nonsensical.
To those who posted it's no big deal, consider this sentence from the article:
Now think of the use cases for such data. Apple goes to great lengths to secure Biometric data for a reason, including on the X facial recognition data.
I'm glad this article came up because I just found 2 apps in settings that had access to my camera that I don't use that often so I turned them off.
This would be a good time to check your phone to see who is using your camera and if you should continue to grant access to them.
This would be a good time to check your phone to see who is using your camera and if you should continue to grant access to them.
Still not a big deal. The chances of me downloading and using some shady app that wants to take pictures up my nose while I'm using the app are pretty much zero. As has been said before Android has allowed this for a while too. So where is the outrage there?
Are you also a believer that nothing can happen to you if you stay on a prior iOS when apple issues a new iOS stating fixes security issues? Just curious.
Not another conspiracy story. It's impossible for anyone to get video of you using an app. Apple catches all code like this from ever making it to the App Store. 
In fact it's impossible for anyone to get into your private photos and videos, especially if they're on a cloud server.
In fact it's impossible for anyone to get into your private photos and videos, especially if they're on a cloud server.
I don't know...never say never. LolNot another conspiracy story. It's impossible for anyone to get video of you using an app. Apple catches all code like this from ever making it to the App Store.
In fact it's impossible for anyone to get into your private photos and videos, especially if they're on a cloud server.