iPhone apps with camera permission can secretly record you

Developer Felix Krause was last heard warning iPhone users about the dangers of crooks using simple phishing techniques to get their Apple ID details. He’s now back with another blog post detailing the ways in which apps can abuse camera permissions to secretly record people.

Once a person allows an application to use their camera, the app can access both the front and back cameras, record them while the app is in the foreground, shoot photos and videos without informing them, upload the media immediately, and run a real-time facial recognition tool. He demonstrated these risks in a proof-of-concept social media app he made.

Krause’s watch.user application was able to take photos of him while he was browsing and post those pictures in his feed. It could even use iOS 11’s Vision framework to map a person’s face and track their expressions or mood. In his demonstration, the app matched his facial expression to an emoji.

This may not seem too serious at first, but it could cause real harm if a malicious app decided to do the same. Plus, it’s downright creepy that an application could record an individual without their knowledge. There’s not much a person can do to stop this.

The most obvious step would be to stop granting camera permissions altogether. That means giving up the convenience of taking photos straight from the app, though, and it would make playing AR games impossible. Krause suggests using a camera cover or sticky note, but this again blocks other functionality.

Krause has informed Apple about the problem, so we’ll have to wait and see whether any changes are coming. His proposed solutions include granting only temporary access to the camera and showing an icon in the status bar to indicate that the camera is active.