Have you ever considered that your iPhone might be watching you? Felix Krause, a developer at Google, says he has found that iPhone apps could theoretically spy on you if given camera permissions.
With an app published on GitHub, Krause illustrated how it’s possible for a malicious app to photograph you at its leisure without you knowing. Granted basic camera permissions, such an app could use either front or rear cameras to capture images and video “behind the scenes” when the app is loaded.
You wouldn’t necessarily see notifications to say that photos are being taken either, and photos could be uploaded immediately to a server outside of Apple’s jurisdiction.
It would also be possible to run real-time face recognition, detecting different facial features or expressions. And it wouldn’t be impossible for a system to run sophisticated face recognition with a retrieved photo, eventually identifying the user.
Krause made this video showing his proof of concept app in action. What you’re seeing is his fake social network scrolling through a newsfeed, and then suddenly up pop photos of the user taken by the app and posted in the background.
“iOS users often grant camera access to an app soon after they download it (e.g., to add an avatar or send a photo),” writes Krause. “These apps, like a messaging app or any news-feed-based app, can easily track the users face, take pictures, or live stream the front and back camera, without the user’s consent.”
So how can you avoid such a situation developing? Covering your camera is the “only real way” to do so; even Mark Zuckerberg covers his laptop camera. You could also revoke camera access for apps, but that will limit the functionality of many applications.
“[T]his is not a bug or something you should be too worried about,” writes Motherboard. “But it’s good to be aware of how much power you’re giving apps when you grant them access to your iPhone’s cameras.”
Also keep in mind that Krause’s app isn’t an approved app in the iTunes App Store. Apple has strict review policies, and hopefully the approval process is able to detect and reject apps that have this type of unethical behavior hidden within.