It will be honestly as simple as turning the top status bar red whenever the camera API is in-use ... similar to when an iOS 11 screen recording is occuring.
It can continue to use the camera even after the intended use is done and over. For instance from the Facebook app you take a pic to post. But if Facebook wanted to be evil that allows the app to continue recording images that you would not have explicitly authorized and continue doing so minute by minute with no way for a user to know it was happening. That's what he brought to Apple's attention. The camera permission does not restrict the camera use to only what the user would intend to grant it.
Err, if the app is in foreground then it is actively used. How would you distinguish between "intended" and "unintended" use?
Well an obvious example would be if you did not intend for it to be surreptitiously taking a photo of you and your surroundings while your were using it, or while reading a news item in the feed not have any idea it was video-recording your reaction to it.
You didn't answer the question. 'if the app is in foreground then it is actively used. How would you distinguish between "intended" and "unintended" use?'
You simply gave another off=the=wall hypothetical like: I discovered a new use for baseball bats. To break windows!!!! We should design baseball bats to know when they are being used to break a window and turn to water.
OK try this one. You're reading some Facebook posts. At the same time Facebook is secretly video-recording your reaction to them since you did give Facebook permission to use your camera every time you open their app. Would that be an intended use of yours or an unintended one? I believe that answers your question sir.
You’re becoming desperate. I felt someone should tell you.
You’re dense. If I’m in the Facebook app and using the built in camera to take a picutre to post, that is an intended use of the camera and microphone in the app. Once I’m done taking the picture and exit the camera app to resume reading other posts I DO NOT want the Facebook app to access the camera or microphone anymore. Any use of the camera or microphone outside of using the built in camera app, for me at least, is unintended access. Maybe you don’t care about this, but other people do because I want to know when the camera and microphone is being used in the background.
So majority of people in this forum TRUST not just Apple, but ALSO THIRD PARTY developers 100%. Trusting Apple and the built-in iOS apps - I can understand. Trusting unknown third party developers without even an iota of doubt??? Sounds insane to me. Hopefully, Apple does NOT think like AI forum members and see what can be done to prevent a rogue Third Party developer from misusing the Permissions granted by end-users.
Apple does that since the very beginning with AppStore. Such an inappropriate camera use cannot escape AppStore review process. Does that guy really believes that Apple engineers are idiot to not think about that and as a bright young urban entrepreneur he is the first to figure it out?
Nobody in this forum talked about AppStore review process "preventing" it from happening so far. Everyone was ABSOLUTELY FINE with "inappropriate camera use" for reasons known only to them.
So what? The topic is not the mood of forum members.
It can continue to use the camera even after the intended use is done and over. For instance from the Facebook app you take a pic to post. But if Facebook wanted to be evil that allows the app to continue recording images that you would not have explicitly authorized and continue doing so minute by minute with no way for a user to know it was happening. That's what he brought to Apple's attention. The camera permission does not restrict the camera use to only what the user would intend to grant it.
Err, if the app is in foreground then it is actively used. How would you distinguish between "intended" and "unintended" use?
Well an obvious example would be if you did not intend for it to be surreptitiously taking a photo of you and your surroundings while your were using it, or while reading a news item in the feed not have any idea it was video-recording your reaction to it.
You didn't answer the question. 'if the app is in foreground then it is actively used. How would you distinguish between "intended" and "unintended" use?'
You simply gave another off=the=wall hypothetical like: I discovered a new use for baseball bats. To break windows!!!! We should design baseball bats to know when they are being used to break a window and turn to water.
OK try this one. You're reading some Facebook posts. At the same time Facebook is secretly video-recording your reaction to them since you did give Facebook permission to use your camera every time you open their app. Would that be an intended use of yours or an unintended one? I believe that answers your question sir.
You’re becoming desperate. I felt someone should tell you.
You’re dense. If I’m in the Facebook app and using the built in camera to take a picutre to post, that is an intended use of the camera and microphone in the app. Once I’m done taking the picture and exit the camera app to resume reading other posts I DO NOT want the Facebook app to access the camera or microphone anymore. Any use of the camera or microphone outside of using the built in camera app, for me at least, is unintended access. Maybe you don’t care about this, but other people do because I want to know when the camera and microphone is being used in the background.
The camera and microphone cannot be used in the background in iOS.
It can continue to use the camera even after the intended use is done and over. For instance from the Facebook app you take a pic to post. But if Facebook wanted to be evil that allows the app to continue recording images that you would not have explicitly authorized and continue doing so minute by minute with no way for a user to know it was happening. That's what he brought to Apple's attention. The camera permission does not restrict the camera use to only what the user would intend to grant it.
Err, if the app is in foreground then it is actively used. How would you distinguish between "intended" and "unintended" use?
Well an obvious example would be if you did not intend for it to be surreptitiously taking a photo of you and your surroundings while your were using it, or while reading a news item in the feed not have any idea it was video-recording your reaction to it.
You didn't answer the question. 'if the app is in foreground then it is actively used. How would you distinguish between "intended" and "unintended" use?'
You simply gave another off=the=wall hypothetical like: I discovered a new use for baseball bats. To break windows!!!! We should design baseball bats to know when they are being used to break a window and turn to water.
OK try this one. You're reading some Facebook posts. At the same time Facebook is secretly video-recording your reaction to them since you did give Facebook permission to use your camera every time you open their app. Would that be an intended use of yours or an unintended one? I believe that answers your question sir.
That’s just another hypothetical. No, I believe his question was how the platform would distinguish between intended and unintended. Which this fear piece is suggesting it should.
So majority of people in this forum TRUST not just Apple, but ALSO THIRD PARTY developers 100%. Trusting Apple and the built-in iOS apps - I can understand. Trusting unknown third party developers without even an iota of doubt??? Sounds insane to me. Hopefully, Apple does NOT think like AI forum members and see what can be done to prevent a rogue Third Party developer from misusing the Permissions granted by end-users.
I trust the app store code review process. I have almost a decade of reasons to trust the process and no reasons not to.
Have to agree with most of the posters who feel this is being overblown. Fundamentally, if a device has a capability or functionality, the use of that functionality is at the discretion of the app. iOS ensures that users much actively give permission for apps to acces the camera, etc. Beyond that, you must ultimately have some degree of trust and confidence in what the app itself is doing. The article states that this is only an issue if the app is running in the foreground, so the only potential issue I can see is if you have an app that you legitimately give permissions to that then proceeds to exceed the expected use.
Short of asking for permission every time the camera is used, I can’t think of any feasible way for the OS to distinguish between expected use and unexpected use, meaning the LED suggestion would be the only solution, and even that would be far from perfect. Does anyone know how many other smart phones have ‘on’ LEDs for their cameras? I’m bettting most don’t meaning this would be an equal problem for all other devices, too.
It will be honestly as simple as turning the top status bar red whenever the camera API is in-use ... similar to when an iOS 11 screen recording is occuring.
It can continue to use the camera even after the intended use is done and over. For instance from the Facebook app you take a pic to post. But if Facebook wanted to be evil that allows the app to continue recording images that you would not have explicitly authorized and continue doing so minute by minute with no way for a user to know it was happening. That's what he brought to Apple's attention. The camera permission does not restrict the camera use to only what the user would intend to grant it.
Err, if the app is in foreground then it is actively used. How would you distinguish between "intended" and "unintended" use?
Well an obvious example would be if you did not intend for it to be surreptitiously taking a photo of you and your surroundings while your were using it, or while reading a news item in the feed not have any idea it was video-recording your reaction to it.
You didn't answer the question. 'if the app is in foreground then it is actively used. How would you distinguish between "intended" and "unintended" use?'
You simply gave another off=the=wall hypothetical like: I discovered a new use for baseball bats. To break windows!!!! We should design baseball bats to know when they are being used to break a window and turn to water.
OK try this one. You're reading some Facebook posts. At the same time Facebook is secretly video-recording your reaction to them since you did give Facebook permission to use your camera every time you open their app. Would that be an intended use of yours or an unintended one? I believe that answers your question sir.
You’re becoming desperate. I felt someone should tell you.
You’re dense. If I’m in the Facebook app and using the built in camera to take a picutre to post, that is an intended use of the camera and microphone in the app. Once I’m done taking the picture and exit the camera app to resume reading other posts I DO NOT want the Facebook app to access the camera or microphone anymore. Any use of the camera or microphone outside of using the built in camera app, for me at least, is unintended access. Maybe you don’t care about this, but other people do because I want to know when the camera and microphone is being used in the background.
What "Camera App"? You NEVER exited the "Camera App". You NEVER left the Facebook App.
It can continue to use the camera even after the intended use is done and over. For instance from the Facebook app you take a pic to post. But if Facebook wanted to be evil that allows the app to continue recording images that you would not have explicitly authorized and continue doing so minute by minute with no way for a user to know it was happening. That's what he brought to Apple's attention. The camera permission does not restrict the camera use to only what the user would intend to grant it.
Err, if the app is in foreground then it is actively used. How would you distinguish between "intended" and "unintended" use?
Well an obvious example would be if you did not intend for it to be surreptitiously taking a photo of you and your surroundings while your were using it, or while reading a news item in the feed not have any idea it was video-recording your reaction to it.
You didn't answer the question. 'if the app is in foreground then it is actively used. How would you distinguish between "intended" and "unintended" use?'
You simply gave another off=the=wall hypothetical like: I discovered a new use for baseball bats. To break windows!!!! We should design baseball bats to know when they are being used to break a window and turn to water.
OK try this one. You're reading some Facebook posts. At the same time Facebook is secretly video-recording your reaction to them since you did give Facebook permission to use your camera every time you open their app. Would that be an intended use of yours or an unintended one? I believe that answers your question sir.
You’re becoming desperate. I felt someone should tell you.
It's hardly desperate, it's an example of how the current situation can be a problem. Imagine if every time you opened the Facebook app it started recording from the cameras, without you knowing. Are you saying you would okay with that? I'm honestly surprised that so many people here, in a group that is usually so supportive of privacy, seem utterly unconcerned about the possibility of being watched without consent.
It can continue to use the camera even after the intended use is done and over. For instance from the Facebook app you take a pic to post. But if Facebook wanted to be evil that allows the app to continue recording images that you would not have explicitly authorized and continue doing so minute by minute with no way for a user to know it was happening. That's what he brought to Apple's attention. The camera permission does not restrict the camera use to only what the user would intend to grant it.
Err, if the app is in foreground then it is actively used. How would you distinguish between "intended" and "unintended" use?
So if I have facebook up and no intention of using the camera, could this malicious code be using the camera anyways without any indication it is doing so?
Sounds like it. Also sounds like someone would need to get an update through the app store with the malicious code so this is much ado about nothing.
The answer is no. If you have no intention of using the camera with the Facebook app, you would have denied it access to the camera.
It can continue to use the camera even after the intended use is done and over. For instance from the Facebook app you take a pic to post. But if Facebook wanted to be evil that allows the app to continue recording images that you would not have explicitly authorized and continue doing so minute by minute with no way for a user to know it was happening. That's what he brought to Apple's attention. The camera permission does not restrict the camera use to only what the user would intend to grant it.
Err, if the app is in foreground then it is actively used. How would you distinguish between "intended" and "unintended" use?
Well an obvious example would be if you did not intend for it to be surreptitiously taking a photo of you and your surroundings while your were using it, or while reading a news item in the feed not have any idea it was video-recording your reaction to it.
You didn't answer the question. 'if the app is in foreground then it is actively used. How would you distinguish between "intended" and "unintended" use?'
You simply gave another off=the=wall hypothetical like: I discovered a new use for baseball bats. To break windows!!!! We should design baseball bats to know when they are being used to break a window and turn to water.
OK try this one. You're reading some Facebook posts. At the same time Facebook is secretly video-recording your reaction to them since you did give Facebook permission to use your camera every time you open their app. Would that be an intended use of yours or an unintended one? I believe that answers your question sir.
You’re becoming desperate. I felt someone should tell you.
It's hardly desperate, it's an example of how the current situation can be a problem. Imagine if every time you opened the Facebook app it started recording from the cameras, without you knowing. Are you saying you would okay with that? I'm honestly surprised that so many people here, in a group that is usually so supportive of privacy, seem utterly unconcerned about the possibility of being watched without consent.
No one is saying they are OK with that. It would create a firestorm for Facebook. But what is Apple supposed to do about it? If you don't trust Facebook to use the camera appropriately, say no when it asks permission to access the camera. If you do trust Facebook, then say yes, but realize that it can access the camera whenever it's open. This is not rocket science, and we didn't need some Googler to reveal this to us. I think most of us know how permissions work.
Ok, while I completely disagree with this guy's assertion, I do think he's onto something in a general sense.
I am very happy that Apple hard wires a green status light to the use of the camera on all MacBooks. I've never felt the need to cover my camera with taps (like my colleagues and, reportedly, Mark Zuckerberg do), because I know that if somehow my camera is activated, I'll know it. Having at least at option for that on iPhones and iPads would be a nice feature. If Apple had that, I expect the chorus here would be raving about how Apple cares about privacy and Google doesn't.
The "permissions" angle is a red herring. The "it's impossible to know for sure if/when your phone (be it an Apple or Android device) is taking pictures or recording video" fact is an opportunity for improvement.
airnerd said: I do trust Apple to validate the code the apps are trying to release onto my phone or tablet. It all comes back to the Apple approval process ...
One trick developers could use is to submit an app with certain features disabled until a date in the future. When Apple evaluates the code it may seem legitimate but after a couple weeks the nefarious features become activated. Fortunately there are lots of smart people out there constantly looking at apps to figure out when something is fishy. Evil developers don't get away with their shenanigans for long.
macplusplus said: The camera and microphone cannot be used in the background in iOS.
The phone app can use the microphone while in the background and I assume that Facetime can continue to use the camera while some other app is in the foreground. Not sure what capabilities third party apps like Skype are capable of. There are a few different states that an app can be in: running, not running, in the foreground, in the background, push notifications, etc.
macplusplus said: The camera and microphone cannot be used in the background in iOS.
The phone app can use the microphone while in the background and I assume that Facetime can continue to use the camera while some other app is in the foreground. Not sure what capabilities third party apps like Skype are capable of. There are a few different states that an app can be in: running, not running, in the foreground, in the background, push notifications, etc.
The phone app and FaceTime run with System privileges, not user privileges.
It can continue to use the camera even after the intended use is done and over. For instance from the Facebook app you take a pic to post. But if Facebook wanted to be evil that allows the app to continue recording images that you would not have explicitly authorized and continue doing so minute by minute with no way for a user to know it was happening. That's what he brought to Apple's attention. The camera permission does not restrict the camera use to only what the user would intend to grant it.
Err, if the app is in foreground then it is actively used. How would you distinguish between "intended" and "unintended" use?
So if I have facebook up and no intention of using the camera, could this malicious code be using the camera anyways without any indication it is doing so?
Sounds like it. Also sounds like someone would need to get an update through the app store with the malicious code so this is much ado about nothing.
The answer is no. If you have no intention of using the camera with the Facebook app, you would have denied it access to the camera.
You're missing what I'm saying, I grant access to my camera so I can use it and photos. But that doesn't mean i give it permission to capture any time I have facebook open.
Comments
Why do you feel the facebook app is spying on you? What evidence do you put forth?
Short of asking for permission every time the camera is used, I can’t think of any feasible way for the OS to distinguish between expected use and unexpected use, meaning the LED suggestion would be the only solution, and even that would be far from perfect. Does anyone know how many other smart phones have ‘on’ LEDs for their cameras? I’m bettting most don’t meaning this would be an equal problem for all other devices, too.
I am very happy that Apple hard wires a green status light to the use of the camera on all MacBooks. I've never felt the need to cover my camera with taps (like my colleagues and, reportedly, Mark Zuckerberg do), because I know that if somehow my camera is activated, I'll know it. Having at least at option for that on iPhones and iPads would be a nice feature. If Apple had that, I expect the chorus here would be raving about how Apple cares about privacy and Google doesn't.
The "permissions" angle is a red herring. The "it's impossible to know for sure if/when your phone (be it an Apple or Android device) is taking pictures or recording video" fact is an opportunity for improvement.
The solution is kind of technical... but I call it electrical tape.
—
I’m all for Google engineers trying to hack Apple devices, and vise versa. Then, publicizing their finding to embarrass the other party.
It makes everyone focus on security, and us safer.