One of the privacy features of iOS is that apps are required to ask permission if they want to access things like your photos, camera and location. But a Google engineer has created a demo app to show how a rogue app could abuse permissions to surreptitiously photograph you as you use the app – or even livestream video from your front or rear cameras.
The issue, says Felix Krause, is that users are asked to grant blanket permission. There may be a legitimate-seeming reason for an app to request access to your camera, to take a photo within the app, but it is then able to shoot photos and video anytime it is in the foreground without alerting you in any way …
The demo app he wrote shows a social networking app asking permission to access your camera to allow you to upload a photo, and then taking photos and video without notice while you are simply scrolling through the feed. You can see this in action in the video below.
He also describes how facial recognition could be used to identify you, and how facial expression analysis could even be used to measure your emotional response to things like ads displayed in the feed. This is again demo’d in the app. His app explains how the camera will be used, but a rogue app could obviously make an innocuous statement.
The weakness he describes is kind of obvious: once you grant permission to access the camera, then the app by definition can use it whenever it’s in the foreground. Apple’s app review process should detect rogue apps, so the risk is relatively low.
That said, the app review process isn’t perfect. We’ve already seen, for example, how Uber was able to track the locations of users after a ride ended in a similar abuse of permissions. Krause suggests a couple of options to close the loophole.
Offer a way to grant temporary access to the camera (e.g. to take and share one picture with a friend on a messaging app) [or] show an icon in the status bar that the camera is active, and force the status bar to be visible whenever an app accesses the camera.
A variation on this theme would be to require apps to make a shutter sound when taking a photo.
He also offers a third proposal: using a Mac-style LED on the front of the phone which lights up when the camera is in use. But with Apple already replacing a full-width iPhone ‘forehead’ with a notch in the iPhone X, and doubtless aiming to remove it altogether in time, I think that ship has sailed.
Would you like to see one of the protections he suggests, or are you happy to leave it to the app review process to detect rogue apps? Let us know your views in the comments.