Once a user grants access to the camera, the app can use it without the user's consent

Originator: KrauseFx
Number: rdar://35116272 Date Originated: October 23 2017
Status: Open Resolved: Nope
Product: Product Version:
Classification: Reproducible:
 
Summary:
Once you grant an app access to your camera, it can
- access both the front and the back camera
- record you at any time the app is in the foreground
- take pictures and videos without telling you
- upload the pictures/videos it takes immediately
- run real-time face recognition to detect facial features or expressions

It can do all of this without telling the user.

Full blog post available on https://krausefx.com/blog/ios-privacy-watchuser-access-both-iphone-cameras-any-time-your-app-is-running

Steps to Reproduce:
Build an app that requests camera access and then accesses the camera at any time without telling the user. See the sample project https://github.com/KrauseFx/watch.user for the most up-to-date code.

Expected Results:
The user should have control over when the camera is recording.

Some ways to fix this:
- Offer a way to grant temporary access to the camera (e.g. to take and share one picture with a friend on a messaging app), related to detect.location.
- Show an icon in the status bar that the camera is active, and force the status bar to be visible whenever an app accesses the camera
- Add an LED to the iPhone’s camera (both sides) that can’t be worked around by sandboxed apps, which is the elegant solution that the MacBook uses

Actual Results:
The app can record the user any time the app is in the foreground

Version/Build:
11.0

Configuration:
