Lifestyle

Camera-based iPhone apps could be used to spy on you

Developer cautions Apple against a ‘privacy loophole that can be abused by iOS apps'

30 October 2017 - 11:21 By James Titcomb
subscribe Just R20 for the first month. Support independent journalism by subscribing to our digital news package.
Subscribe now
Malicious smartphone apps could surreptitiously record users.
Malicious smartphone apps could surreptitiously record users.
Image: 123RF/stokkete

Apple has been urged to change the way in which iPhone apps are granted access to the phone's camera after a security researcher demonstrated how apps can secretly record photos and videos without the user knowing.

Felix Krause, an Austrian developer who works for Google, built an app that was able to take pictures of its user every second and upload them, without notifying the user. He called it a ''privacy loophole that can be abused by iOS apps".

When an app wants to access the camera, for example to scan a credit card or take a profile picture during the set-up process, the iPhone user must give the app permission, in the same way that apps must ask to access the camera roll, location and contacts and to send notifications. Once allowed, it has to be turned off via the settings menu.

The system is similar to the permissions required by apps on Android. Google has recently deleted several apps that surreptitiously recorded users and masqueraded as legitimate apps.

Once an app has been granted initial access, it can take photos and videos whenever it is opened up
Felix Krause, developer

But Krause said that once an app has been granted initial access, it can take photos and videos whenever it is opened up. Unlike on Mac computers, which have a small green light next to the camera when it is being used, there is no indication that an app is recording videos or taking photos, or when it sends them elsewhere.

The iPhone's camera app permissions do not differentiate between the phone's front and back camera. Allowing camera permissions can grant extra access in the latest version of iOS, which has a facial recognition engine that could allow apps to detect emotions. The permissions system is not a bug or a flaw - it works in exactly the way Apple has designed it - but Krause said malicious apps could take advantage of it to surreptitiously record users.

He warned that other apps could monitor users' emotions as they scroll through a social network news feed, record what they are saying, or live-stream videos of them in the bathroom as they tap away at a smartphone game.

Krause said Apple should introduce a system of temporary permissions - one that allows apps to take a picture during the set-up process, but revokes it after a period of time - or to introduce a warning light or notification to the iPhone that tells people when they are being recorded. - The Daily Telegraph

• This article was originally published in The Times.

subscribe Just R20 for the first month. Support independent journalism by subscribing to our digital news package.
Subscribe now

Most read

  1. 'Planet vs Plastic': Woolworths takes another bold step to sustainability Lifestyle
  2. Two new Chinese car brands enter SA Lifestyle
  3. Price and position crucial to success of Kia’s bakkie in SA Lifestyle
  4. South African Photographer of the Year showcases SA’s stunning natural heritage Lifestyle
  5. Birding for beginners II: ticking off the treasures of the Klein Karoo Travel

Latest Videos

‘Bring back Arthur Zwane to finish the season,’ says Chiefs legend Fani Madida: ...
'President has to intervene in Gupta extradition': Shamila Batohi