Ever use your iPhone or iPad to access social media while you’re in the bathroom?
Of course you have. But you might not have realized that you were inviting a potential audience to hang out while you’re doing whatever it is you do in there. That’s because once you grant an app access to your camera, it can snap photos and videos without telling you, whenever it wants to (with both the front and rear cameras), upload the content, locate you with image data, run facial recognition on whatever it sees, and record you – all without a green light to indicate what it’s up to.
No LED, no light, no phone clearing its throat in embarrassment – just you and your quiet buddies, the camera-happy apps.
It’s always been this way. We just didn’t notice. Until, that is, Felix Krause pointed it out.
This is what a bad app (Krause imagines a “messaging app or any news-feed-based app”) could get up to by using regular iPhone/iPad camera permissions:
- Access both the front and rear cameras.
- Take pictures and record videos any time the app is in the foreground.
- Find out where you are using the Exif data embedded in images.
- Upload pictures or videos to the internet.
- Detect facial features or expressions.
- Run real-time face recognition.
Krause’s theoretical bad app could abuse its go-ahead-and-use-the-camera-whever-you-like access wherever you use your device: in your bathroom, in the bedroom… or a gym locker room… or the nursery… or the playground… for similar privacy-invading naughtiness.
If any peeping Toms wanted to weaponize this loophole, you can imagine what would result: something like a pocket-sized version of a hacked webcam.
You’ve heard of the creeps who trick women into taking their webcams into the shower? Given that this privacy loophole subtracts the tedious and not 100% guaranteed success rate of the “talking them into it” part of the equation, and bingo! You could wind up with the perfect stalker app.
What’s that, you say? You never grant camera permissions to apps? HA!
Krause points out that if you’re using a messaging service, like Messenger, WhatsApp, Telegram or anything else…
chances are high you already granted permission to access both your image library and your camera. You can check which apps have access to your cameras and photo library by going to Settings > Privacy.
The only sure way to protect yourself is to put tape (or a webcam cover) over your camera lens, he says, just like we all use on our laptop cameras or other webcams (because you do that, right? Hell, even Mark Zuckerberg applies sticky technology!).
Of course, sticky notes can’t protect you from your device’s microphone recording you without letting you know. If an app can use your mic, then guess what?
It can use your mic.
We don’t know of a modern phone that has either a webcam or a mic LED (nor of a laptop with a mic LED), so this is kind of the way of the world, isn’t it?
Well, the app *could* indicate whether it was recording you… though it might not. As always, it depends on who, or what, you trust.
And when it comes to trust, Apple’s iOS apps don’t tend to grab the headlines as much as Google’s Play store apps when it come to misbehaving (Google’s so keen to clean up the Play store malware muck that it’s now paying bug bounties even on third-party apps), but they’re not immune from jerky apps.
Take, for example, the iOS version of AccuWeather: a researcher recently found that it tracks you even when you explicitly tell it not to.
Sure, it’s always been this way, but it reminded Naked Security’s Mark Stockley of Google’s Your Timeline – something that follows you around, painting a very accurate picture of your daily life, typically without people realizing that they’d ever turned it on.
My laptop has a green light. Even Google glass had a light. My phone does not have a light AFAIK but it never occurred to me before.
We expect a web page to wait for us to click a button before it grabs the data that we’ve put into a form. But it’s a convention, not an actual feature. Only we don’t know that it’s a convention because our mental model is conditioned by the behavior of all other forms in all other contexts, and the presence of a “submit” button.
By convention apps that take a photo have a button you press to use the camera. Our expectation is that WE control the camera via the app, not that the app controls the camera but elects not to exercise that control until we use the button it’s done us the courtesy of rendering.
If only our phones, and laptop mics for that matter, had hard-wired green lights.
How to keep your camera out of your business
While we wait for our green lights, it’s easy enough to change the setting as needed. If an app wants the camera when you’ve blocked it, it will remind you but won’t get access until you go into Settings and change it.
Be careful which apps you trust with the camera or microphone, and shut them down (double-press home and swipe them closed) when not using them. Don’t leave them running in the background.
Naked Security’s Paul Ducklin says he tries to close all running apps on his phone – email, Safari, Twitter and so on – before he “airplanes” it for the night. Doing that means he starts each day with an empty process list of apps. “Less is more,” he says.
Another tip from Paul is to regularly review your apps from the Settings page to see which ones have camera and microphone access. For example, only allowing Twitter to access your camera when you’re ready to tweet pics.
This is what your Settings menu would look like:
But in Twitter, it would be set up like this until you’re ready to grant access:
Finally, we’d be remiss if we didn’t note that Paul trusts the free Sophos Mobile Security iOS app to use his camera. (He uses it to read QR codes because it checks the URLs for malware when it scans code.)
11 comments on “The iOS privacy loophole that’s staring you right in the face”
I’m confused. An app I gave access to has to be in the foreground to use the camera? How is this a surreptitious monitor? I must be missing something.
You download an app – let’s say it’s a instant messaging app – and it asks for a bunch of permissions. One of them is permission to use the camera (perhaps because it allows you to add photos to messages). You agree to the terms.
You use the app routinely, a few minutes here are and there, every hour or so. You never use the photo functionality and you quickly ignore that you allowed it access to your camera.
I’d wager that most people’s mental model of how this works is that _you_ decide when the camera can be used – that the camera is only used when you decide to take a photo and add it to one of your messages. But that isn’t the case, the app decides. Every second the app is in the foreground it can use both cameras on your phone if *it* wants to. It doesn’t have to ask and it doesn’t have to tell you when the camera is in use.
You may have all of that dialled into your head already, and if you do, good for you, but you’re a smarter person than I.
The request for green camera lights on smartphones assumes that they couldn’t be hacked to stay off while recording, as exists the possibility on our laptops.
Of course, but the article is about the consequences of what is allowed *within the rules*. Nothing is subverted other than the user’s mental model (which is a rationally arrived at but incorrect model).
Hacking the hardware, or breaking out of the iPhone jail, is a hugely different level of complexity and sophistication.
AFAIK, the green webcam lights on your laptop doesn’t need to be “hacked” to be turned off independently of the webcam. Either the webcam has an LED hard-wired to the camera (in which case you can only turn them on and off together) or the LED is separately switchable (in which case you can control it on its own).
I have long suspected this kind of problem and routinely hold my iPad with my thumb over the camera that faces me. The other camera is going to be looking at the ground or similar. Not so easy with my iPhone though.
Hi! What do you think about iPhone X and face recognition? I mean, now I have some tape in my front camera and I take it off when I use the camera (same on my laptop) but with the iPhone X face recognition I couldn’t have the tape on because I would use the front camera every time.
Thats one of the things I worry about the iPhone X. Any thoughts?
Is the concern here that you could accidentally record yourself (or others around you) without intending to and potentially send that recording (video or audio) to whoever, or whatever audience is in the foreground? Or are we concerned that someone somewhere could at any time capture audio/video recording from our devices and could potentially do something with it without us ever knowing that a recording was captured?
The concern is that if you grant an app permission to use your camera (you’re typically asked for that sort of permission during installation of the app) then the app can turn on the camera whenever it wants to from then on, provided it’s in the foreground. A developer can write an app that secretly films you without having to hack or subvert the iPhone/iPad in any way.
stupid… nope. the location sure.. but camera?? only in the foreground. so you have to have the app open and not just open but active.. apple makes sure that this is not an option for programmers. c’mon… probably possible with android or unlocked iphone…
Today i saw a green dot lighten up next to the wi-fi icon on the left corner of my iphone 8. I never saw it before. It shocked me, so it meant something i think.
It was during a conversation about hidden obstruction of someone with technology….
Do you know anything about this green led lighted dot on the left on a iphone?