Apple has been urged to change the way in which iPhone apps are granted access to the phone’s camera after a security researcher demonstrated how apps can secretly record photos and videos without the user knowing.
Felix Krause, an Austrian developer who works for Google, built an app that was able to take pictures of its user every second and upload them, without notifying the user. He called it a “privacy loophole that can be abused by iOS apps”.
When an app wants to access the camera, for example to scan a credit card or take a profile picture during the set-up process, the iPhone user must give the app permission, in the same way that apps must ask to access the camera roll, location and contacts and to send notifications. Once allowed, it has to be turned off via the settings menu.
Where Do The Richest Americans Live?Mansion Global
Facebook Solves Reload Problem With Browser TweakFacebook Code
The system is similar to the permissions required by apps on Android. Google has recently deleted several apps that surreptitiously recorded users and masqueraded as legitimate apps.
But Krause said that once an app has been granted initial access, it can take photos and videos whenever it is opened up. Unlike on Mac computers, which have a small green light next to the camera when it is being used, there is no indication that an app is recording videos or taking photos, or when it sends them elsewhere.
The iPhone’s camera app permissions do not differentiate between the phone’s front and back camera. Allowing camera permissions can grant extra access in the latest version of iOS, which has a facial recognition engine that could allow apps to detect emotions.
The permissions system is not a bug or a flaw – it works in exactly the way Apple has designed it – but Krause said malicious apps could take advantage of it to surreptitiously record users.
He demonstrated this by building an app that took a photo of the person using it every second, and which also ran a facial recognition program to detect the person using it.
He warned that other apps could monitor users’ emotions as they scroll through a social network news feed, record what they are saying, or live stream video of them in the bathroom as they tap away at a smartphone game.