If you’ve used an iOS device before, you should be familiar with the permission request to access your camera. Plenty of apps will ask for your permission to access the camera on your iOS device. Photography apps, social networking, and even chat apps will need access to your camera so you can take pictures to edit or share with your friends, however, not all apps make use of that permission properly. An engineer from Google, Felix Krause, recently demonstrated how malicious app can make use of the camera permission to secretly take photos and videos of users via the front and back camera.
In Krause’s video, he demonstrates that how the app can capture pictures and videos on the iOS’s device camera discretely; there isn’t any indication at all, no sound and no light. His demonstration is shown on an app he wrote, which also uses face recognition so it can identify the users, and even facial response.
Of course, Apple has a strict app reviewing process that changes from time to time to improve the security, but nothing is perfect, and some bad apps might make it through the reviews. So, what can we do as users? According to Krause, nothing much, unless you wish to cover your phone’s cameras. You can also revoke permission, but it will be a hassle if you use image editing apps or the social network frequently.
The engineer says that Apple could do several things on their end, like offering a way to grant temporary access, show an icon in the status bar that the camera is active, or add an LED to the iPhone’s camera similar to Mac devices that lights up when the camera is in use.
Check out Krause’s blog for more information about the flaw.