Mark Zuckerberg does the same thing with his devices. That should tell people something.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Developer Warns That Granting iPhone Camera Permissions Allows Apps to Secretly Capture You
- Thread starter MacRumors
- Start date
- Sort by reaction score
Mark Zuckerberg does the same thing with his devices. That should tell people something.
Don't iOS apps first go through some extensive scrutiny before being approved to be on the App Store??
This isn't Google Play Store where quantity over quality reigns supreme.
This isn't Google Play Store where quantity over quality reigns supreme.
In theory, yes. Given the sheer quantity of apps submitted for review though, there are bound to be some that get through the review process without being properly analyzed.
Some talented developers are probably skilled enough to mask remote recording functionality without the reviewers noticing.
I know it only works when the app is in the foreground. I'm saying Apple can't prevent it when using the app unless they remove the functionality that lets apps do AR and overlay custom controls over the camera view.
Why would they? Surely this can be handled via automatic code reviews that check to see A) is the camera running, if so B) is it being served to the most forward facing GUI element? If A is yes and B is no, reject the app or demand a technical explanation from the developer before it can make any more progress towards the app store.
That doesn't seem too hard.
It is, unfortunately. There are developers clever enough to mask their intentions in the code. A reviewer might miss where data is being streamed from the camera being used as the input.
There are ways to bury things like this deep in plain C code where a reviewer would not know where to look, in a way that can thwart automatic code scanning.
Lots of people saying that this isn’t a problem, that you already have given the app permission to use the camera. The implication is that it’s is possible for an app take a picture that you are unaware it is taking and sending it somewhere other than where the app states it would send it.
And yes, I would have a problem with that sort of permitted use just because I said that the app could access the camera.
And yes, I would have a problem with that sort of permitted use just because I said that the app could access the camera.
Developers can mask whatever they want, but if you've written a testing mechanism that specifically listens for the camera stream APIs then it doesn't matter if a human misses it, you'll get a big flag stating that the camera feed is active. That's all I was getting at, there are only a few ways to launch the camera and still get in the App Store. Apple already uses automatic code detection for any non-public APIs, this would just be an additional test. I don't know of any way to pull up the camera feed that isn't a public API...no idea how they would do it in C without flags coming up all over the place during the existing (read, not implementing my suggestion) code reviews.
That said, I really haven't looked that hard into it, do you have any links to a proof of concept for alternative ways to initiate and read from the camera?
Tap-happy people launching newly-installed apps without understanding the consequences. Children, elderly, etc.
I believe the onus is on Apple to keep users safe from themselves.
Apple should add the option "While using the app" for all privacy items
This has been the case for... lets see... forever (ios5 or so). Why does this surprise anyone? Here are a few more examples:
From the Apple docs:
"After the user grants permission, the system remembers the choice for future use in your app, but the user can change this choice at any time using the Settings app." (link)
- You grant an app access to your photos... surprise... that app could then copy to the cloud any photos you have taken every time you run the app.
- You grant an app access to your contacts... surprise... that app can now copy to the cloud all your contacts every time you run the app.
- You grant an app access to your location information... surprise... that app can now copy to the cloud your location information every time you run the app (or even in the background if you grant permission for that).
From the Apple docs:
"After the user grants permission, the system remembers the choice for future use in your app, but the user can change this choice at any time using the Settings app." (link)
I think there are a few issues here.
Firstly I was not aware that granting an app access to my camera (and photos) allowed that app to upload photos to the cloud without explicit permission - for example Facebook I did not think that allowing Facebook access to my photos was allowing facebook to upload any photos in my camera roll and not just the photos I chose to upload to Facebook.
Secondly granting access to the camera to allow me to take a photo was not in my mind the same as allowing an app to use the camera (and upload photos without my explicit permission) whilst I was using the app even if I am not using the camera within the app. For example I have the Stocard app which is used to store (primarily) loyalty card numbers - it gets them by taking an image of your card using the camera. On this basis every time I use the app to use the loyalty card the app could be using the camera. The same goes for Facebook - I could have that open posting stuff and the camera could be taking images/video and I would have no idea.
The big issue in this is what apps can do with photos that I don't explicitly tell them to upload somewhere.
Firstly I was not aware that granting an app access to my camera (and photos) allowed that app to upload photos to the cloud without explicit permission - for example Facebook I did not think that allowing Facebook access to my photos was allowing facebook to upload any photos in my camera roll and not just the photos I chose to upload to Facebook.
Secondly granting access to the camera to allow me to take a photo was not in my mind the same as allowing an app to use the camera (and upload photos without my explicit permission) whilst I was using the app even if I am not using the camera within the app. For example I have the Stocard app which is used to store (primarily) loyalty card numbers - it gets them by taking an image of your card using the camera. On this basis every time I use the app to use the loyalty card the app could be using the camera. The same goes for Facebook - I could have that open posting stuff and the camera could be taking images/video and I would have no idea.
The big issue in this is what apps can do with photos that I don't explicitly tell them to upload somewhere.
How can they? If the app asks for permission to access your camera and you say yes, how does Apple protect you from it using your camera?
Hey, remember last Tuesday around 8:32pm? Could you please never do that again? Thanks.
You give an app permissions to access you photos/contacts/camera/location/etc. By granting that application permission to this information, you are now TRUSTING that the app will use that information appropriately. The app is not restricted in any way in what it can now do with that information. It may post the photo to instagram like you expect, it may draw a mustache on it and post the photo to snapchat like you expect... but once you grant the permission, there is nothing that restricts what the app can do with that information. In one app copying a photo to dropbox may be expected behavior, in another app that may be something nefarious... Apple has no easy way of knowing. Ultimately you have no way of knowing either. You are having to trust the app to treat your information carefully. You should never grant that kind of permission lightly.
Should third party app be allowed to use true depth api to take portrait from front cam? coz in that way they can figure out to record you face and its depth info. Do you want your unique face be hacked?
I don’t care if people want to see my...Some yahoo is going to hide some code in an app to detect when someone is running around in their birthday suits and then upload the pictures. Then, of course, Apple will get blamed for it for not screening the app properly and it will be an awful mess with a lot of hurt people.
[doublepost=1509058556][/doublepost]I’m going to depermission all of my apps and cameras. I’ll post directly from photos app rather than providing open access.
I didn't read the article, but is he some how suggesting that Android app devs are less malicious than iPhone application developers? Or is his bias apparent in the fact that his article ignores this can happen on any phone since the creation of a smart phone with a front facing camera?
In other news, water is wet. I give apps the fewest permissions possible and understand fully that any app that has camera access can use that camera for malicious purposes.
With that being said I don’t understand why Apple doesn’t have something in place so users can monitor what’s happening similar to the way iOS handles apps that are battery hogs or that have accessed location services. There should be an easy way to see and monitor which apps have used the camera or have recorded video recently. If you see an app that’s been using the camera when you don’t think it should’ve been you could quickly revoke permissions and contact the devs and/or alert Apple.
Further isn’t this something Apple should be looking at during the approval process for apps that want camera access?
With that being said I don’t understand why Apple doesn’t have something in place so users can monitor what’s happening similar to the way iOS handles apps that are battery hogs or that have accessed location services. There should be an easy way to see and monitor which apps have used the camera or have recorded video recently. If you see an app that’s been using the camera when you don’t think it should’ve been you could quickly revoke permissions and contact the devs and/or alert Apple.
Further isn’t this something Apple should be looking at during the approval process for apps that want camera access?
My point remains valid. The problem isn't developers, the problem is Apple. Apple allow deceptive and dishonest behaviour from developers, but promote the app store as 'safe' and make a big deal about protecting privacy.
They don't.
When a photographer asks to take my picture, he hasn't "secretly photographed me". He's done exactly what he said he was going to do and I actively allowed it.
This might be a big deal if the phone's screen was off, or if the app didn't have to be running, or if there wasn't an app store review team, or there was no ability to switch off malicious apps.
Meanwhile if you use Google Photos you've granted them unrestricted access to your whole photo library, even letting them keep a copy of all of those photos locally. How is that not more concerning?
This might be a big deal if the phone's screen was off, or if the app didn't have to be running, or if there wasn't an app store review team, or there was no ability to switch off malicious apps.
Meanwhile if you use Google Photos you've granted them unrestricted access to your whole photo library, even letting them keep a copy of all of those photos locally. How is that not more concerning?