an almost automatic action: when you download a new app to your iPhone or iPad, the system shows all allowances that the software in question requests so that it can function to its satisfaction. We, always confident of the goodwill of all the apps available at Ma's store, grant them permission without thinking twice and often without even analyzing the elements to which the app will now have access.
Today, an experiment by Google engineer and digital security scholar Felix krause (which appeared here recently demonstrating an easy attack to get your Apple ID password) has served to remind us that we should always pay attention to these permissions, especially when we are talking about a particularly sensitive one: access to cameras of devices.
The whole point here is that when we grant this permission to any app, it gets the ability to capture images and videos from all cameras on the device even if the user is not explicitly on an image capture screen or the like. application is active and in the foreground. This, even if you are in a completely different area of the app (like rolling your feed or something), it can theoretically record camera images silently.
Perhaps even more troubling to note is that the permission goes beyond: once granted, as Krause discovered, applications can upload these captured photos and videos to their own servers, make a livestream or even run real-time facial recognition technologies to detect user expressions and moods. Amazing in it?
To prove her point, Krause created a proof of concept in an app suggestively named watch.user; the journalist of Motherboard Lorenzo Franceschi-Bicchierai installed the app on his iPhone and proved that he took pictures of himself as he simply scrolled through a list of updates, with no indication that these actions were happening in the background.
Paralleling Macs, applications for macOS can also do this kind of capture; however, as is well known, Ma computers are equipped with LEDs that light up whenever the camera is active in this way, if an app is capturing your images without telling you, you will know anyway. On iPhone / iPad, there is no indicator light that the camera is in action, so everything can be done muted.
Just to be clear, this is not a bug or a new behavior introduced in a recent version of iOS, but something that has always existed if you are an advanced user or developer, certainly little of what I said here. Still, the reminder is worth it, especially for those unaware of this behavior: You never take for granted the reliability of an application when it asks you for camera access or other sensitive elements of the device. You never know when you might be using one for shady purposes while in the bathroom, after all.
If you are in doubt about which apps you have granted access to cameras, just go to Camera Privacy Settings to check the list of all such apps (and if you wish, revoke access to any of them). Of course, many applications will have their functionality reduced without such permission, but as they say: every choice is a waiver.
tip of @ DestinationBR800