If you are an iPhone user, then this new security flaw is going to compromise your privacy.
We all trust Apple, and we know it provides top-notch techniques to ensure our security and privacy on all its devices. But it was recently found that any iOS app with camera permission can take your photos or record your videos anytime using both the front and back iPhone cameras.
Felix Krause — an Austrian developer and Google engineer — explained and demonstrated the new startling privacy issue in Apple’s mobile operating system.
In his blog post, Krause mentioned that a simple privacy loophole in the camera permission allows malicious iOS apps to access both the front and back cameras of our iPhones.
Usually, iOS asks us to grant a one-time permission to access the camera soon after we download an app, such as a messaging app or any news-feed-based app (WhatsApp, Facebook or Snapchat). With that permission, the app can easily track the user’s face, take pictures, or live stream the front and back cameras without the user’s consent.
Because these apps request camera access for a legitimate reason, the permissions system is not a bug or a flaw; it is a feature, and it works exactly the way Apple designed it. But according to Krause, a simple privacy loophole in this camera permission could allow any malicious app to silently record users’ activities.
Krause explains that once you grant an app access to your camera, app developers can:
- access both the front and the back camera
- record you at any time the app is in the foreground
- take pictures and videos without telling you
- upload the pictures/videos it takes immediately
- run real-time face recognition to detect facial features or expressions.
Demonstration of the privacy loophole on iPhone:
Krause developed a proof-of-concept app to showcase how malicious apps can take advantage of the camera permission to silently take your picture every second as you use the app.
The problem is that even if you never grant camera permission to unknown or untrusted apps, a malicious app can still spy on you, because if you’re using a messaging service like Messenger, WhatsApp, Telegram or anything else, chances are high that you have already granted permission to access both your image library and your camera.
And the app can access the camera without any indication that your phone is recording you and your surroundings: no LEDs, no light or any other kind of indication.
So how do you stay safe from this camera privacy loophole?
To really stay protected, first do not let any malicious app enter your smartphone. Always download apps from an official app store and read reviews left by other users about the app and its developer.
According to Krause, there are only a few things you can do to protect yourself from this privacy problem:
- The only truly safe way to protect yourself is to use camera covers.
- You can revoke camera access for all apps, always use the built-in camera app, and use the image picker of each app to select the photo.
Krause’s proposal for Apple to solve the problem:
According to Krause, the root of the problem should be fixed, so we don’t have to use camera covers. Apple should:
- Offer a way to grant temporary access to the camera
- Show an icon in the status bar that the camera is active, and force the status bar to be visible whenever an app accesses the camera
- Add an LED to the iPhone’s camera (both sides) that can’t be worked around by sandboxed apps.