Facebook app accesses iPhone camera without user's knowledge

Posted:
in iOS edited November 2019
Facebook is misusing the camera on the iPhone, with the app turning it on while users view their feed for reasons unknown.




The way the iOS Facebook app mismanages the iPhone's camera has been uncovered, one which may be a privacy risk. The app is shown to be using the camera on the iPhone while the user is browsing the app, even if they are not actively taking a photograph or performing some other task with any of the imaging sensors.

Posted to Twitter by Joshua Maddux and reported by The Next Web, opening a photo in the iOS app and swiping down will show a sliver of a live camera feed on the left-hand side of the display. Maddux has been able to reproduce the problem on five different iPhones running iOS 13.2.2, with the issue successfully reproduced by others.

Found a @facebook #security & #privacy issue. When the app is open it actively uses the camera. I found a bug in the app that lets you see the camera open behind your feed. Note that I had the camera pointed at the carpet. pic.twitter.com/B8b9oE1nbl

-- Joshua Maddux (@JoshuaMaddux)


While a potential issue, the camera only appears in this way if the iPhone is running iOS 13.2.2, as earlier iOS releases were unaffected. It also seems to only occur if the user has previously given Facebook permission to use the cameras, as otherwise it is blocked by the operating system.

Facebook has yet to comment about the discovery, but given the limited circumstances for it to manifest, it is likely the social network will play it off as a bug. It is plausible for Facebook to argue it needs to preemptively access the camera so it can be immediately available when the user actually needs it, rather than waiting for the camera to load.

While the situation may be innocent in nature, privacy critics of Facebook may consider it to be a more sinister issue.

In October 2017, it was demonstrated a malicious iOS app could feasibly spy on the user by recording from both front and rear iPhone cameras without their knowledge while they performed other functions in the app. The proof-of-concept app did require users to accept the request for camera access, but the concept app was constructed primarily to see how far the granted permissions could be pushed.

Facebook is also still recovering from the Cambridge Analytica scandal that cost it $5 billion and changes to its operation to make it more accountable for privacy-related decisions.
«1

Comments

  • Reply 1 of 39
    Facebook needs to be shut down and zuckerburg should be in the gray bar hotel!
    cornchipSpamSandwichmagman1979lostkiwicat52whiteappleCarnagewatto_cobra
  • Reply 2 of 39
    MacProMacPro Posts: 19,697member
    Gosh what a surprise.
    cy_starkmanchiarazorpitcornchipkuraidysamoriadewmeSpamSandwichjahblademagman1979
  • Reply 3 of 39
    sdw2001sdw2001 Posts: 18,012member
    Yeah, that's the least of my concerns about Facebook.  YouTube, Facebook and Twitter are actively censoring posts that mentioned the name of the alleged 
    "whistleblower," something that has been reported on for weeks and is the worst kept secret in the country.    Don't get me started on the meme page purges, offsite tracking, and clear snooping on audio for advertising targeting.  
    razorpitcornchipSpamSandwichmagman1979lostkiwicat52watto_cobra
  • Reply 4 of 39
    Do tell! Facebook illegally or surreptitiously tracks users?!?!? Nobody coulda guessed. The quicker you get off that crap platform the better for your privacy and security. 
    razorpitdysamoriamagman1979lostkiwicat52whiteapplewatto_cobra
  • Reply 5 of 39
    Chances are they also have the microphone running; both sucking up your battery and your privacy.
    razorpitcornchipdysamoriaml35magman1979cat52whiteappleCarnagewatto_cobra
  • Reply 6 of 39

    Who in their right mind gives the FB app permission to use the camera and microphone? Then again, this is likely less severe than Google collecting personal health data on millions of people.

    https://www.marketwatch.com/story/secret-google-project-is-collecting-personal-health-data-on-millions-of-people-2019-11-11?dist=bigcharts



    magman1979cat52Carnagewatto_cobra
  • Reply 7 of 39
    Facebook needs to be shut down and zuckerburg should be in the gray bar hotel!
    not before larry, curly and moe from alphabet are decimated for profiting from scams, spam, hate, violence, gambling, showing sexualised content to minors and grooming minors to be addicts.
    magman1979cat52watto_cobra
  • Reply 8 of 39
    DAalsethDAalseth Posts: 2,783member
    So Facebook has been accessing the camera for who knows how long. The bug was that they let this become visible. Well, I never trusted the Facebook app anyway. Never installed it. For what little I use Facebook, (Following a couple of local groups that use it instead of a regular web page, no "friends", no posts, no personal information on my profile,) the web interface is good enough. I did however, just delete the Instagram app. Facebook owns it and so I don't trust it any more either. The web interface will have to do. Posting is a problem, but I understand there is a workaround for that.
    dysamoriaml35magman1979cat52watto_cobra
  • Reply 9 of 39
    lkrupplkrupp Posts: 10,557member
    MacPro said:
    Gosh what a surprise.
    Well, the article says this is only happening with iOS 13.2.2 so is it Facebook or Apple causing the problem?
  • Reply 10 of 39
    Facebook has no permission to use a camera or a microphone on my phone. Seems like it never asked for it (so hopefully can’t use them). I would deny access if it asked though, that’s for sure.
    watto_cobra
  • Reply 11 of 39
    When is Apple going to boot this app from the App Store?
    kingofsomewherehotrazorpitcornchipdysamoriamuthuk_vanalingammagman1979lostkiwiwatto_cobra
  • Reply 12 of 39
    gatorguygatorguy Posts: 24,104member
    sdw2001 said:
    Yeah, that's the least of my concerns about Facebook.  YouTube, Facebook and Twitter are actively censoring posts that mentioned the name of the alleged 
    "whistleblower," something that has been reported on for weeks and is the worst kept secret in the country.    Don't get me started on the meme page purges, offsite tracking, and clear snooping on audio for advertising targeting.  
    All the news media are refusing to name the whistleblower. It's not just the online social sites. My assumption would be that it's a legal issue. 
    edited November 2019 cornchipdysamoriajahblade
  • Reply 13 of 39
    DAalsethDAalseth Posts: 2,783member
    lkrupp said:
    MacPro said:
    Gosh what a surprise.
    Well, the article says this is only happening with iOS 13.2.2 so is it Facebook or Apple causing the problem?
    Facebook. Who knows how long they have been doing this. The bug was that it was possible to accidentally see that they are accessing the camera.
    razorpitcornchipdysamoriaBubbleliciousmagman1979watto_cobra
  • Reply 14 of 39
    Facebook has no permission to use a camera or a microphone on my phone. Seems like it never asked for it (so hopefully can’t use them). I would deny access if it asked though, that’s for sure.
    If you want to verify for certain, you can go to Settings -> Privacy, and then Microphone, Camera, etc and adjust the settings from there.

    Only apps that have asked for permission will be listed under each privacy topic.
    edited November 2019 StrangeDayswatto_cobra
  • Reply 15 of 39
    sdw2001sdw2001 Posts: 18,012member
    gatorguy said:
    sdw2001 said:
    Yeah, that's the least of my concerns about Facebook.  YouTube, Facebook and Twitter are actively censoring posts that mentioned the name of the alleged 
    "whistleblower," something that has been reported on for weeks and is the worst kept secret in the country.    Don't get me started on the meme page purges, offsite tracking, and clear snooping on audio for advertising targeting.  
    All the news media are refusing to name the whistleblower. It's not just the online social sites. My assumption would be that it's a legal issue. 

    It's not.  And it's not all the news media.  Paul Sperry of Real Clear Investigations named him.  It's not against the law to name the whistleblower in this case.  That applies only to the ICIG, and only in certain situations.  The so-called "whistleblower" can have his name shared by anyone else, including elected officials.  YouTube, Facebook and Twitter are engaging in ideological bias, as usual.   
    cornchiprazorpitmagman1979watto_cobra
  • Reply 16 of 39
    gatorguygatorguy Posts: 24,104member
    sdw2001 said:
    gatorguy said:
    sdw2001 said:
    Yeah, that's the least of my concerns about Facebook.  YouTube, Facebook and Twitter are actively censoring posts that mentioned the name of the alleged 
    "whistleblower," something that has been reported on for weeks and is the worst kept secret in the country.    Don't get me started on the meme page purges, offsite tracking, and clear snooping on audio for advertising targeting.  
    All the news media are refusing to name the whistleblower. It's not just the online social sites. My assumption would be that it's a legal issue. 

    It's not.  And it's not all the news media.  Paul Sperry of Real Clear Investigations named him.  It's not against the law to name the whistleblower in this case.  That applies only to the ICIG, and only in certain situations.  The so-called "whistleblower" can have his name shared by anyone else, including elected officials.  YouTube, Facebook and Twitter are engaging in ideological bias, as usual.   
    Oh well that's proof for me: Real Clear Investigations named him. and they are definitely a major news outlet (Roll eyes...)
    dysamoriabageljoeyjahbladeCarnage
  • Reply 17 of 39
    This is a serious violation. 

    Facebook needs to be banned from the App Store. The store reviewers should be fired, and Facebook needs to pay restitution to a class of users financially. 
    magman1979watto_cobra
  • Reply 18 of 39
    razorpitrazorpit Posts: 1,796member
    gatorguy said:
    sdw2001 said:
    gatorguy said:
    sdw2001 said:
    Yeah, that's the least of my concerns about Facebook.  YouTube, Facebook and Twitter are actively censoring posts that mentioned the name of the alleged 
    "whistleblower," something that has been reported on for weeks and is the worst kept secret in the country.    Don't get me started on the meme page purges, offsite tracking, and clear snooping on audio for advertising targeting.  
    All the news media are refusing to name the whistleblower. It's not just the online social sites. My assumption would be that it's a legal issue. 

    It's not.  And it's not all the news media.  Paul Sperry of Real Clear Investigations named him.  It's not against the law to name the whistleblower in this case.  That applies only to the ICIG, and only in certain situations.  The so-called "whistleblower" can have his name shared by anyone else, including elected officials.  YouTube, Facebook and Twitter are engaging in ideological bias, as usual.   
    Oh well that's proof for me: Real Clear Investigations named him. and they are definitely a major news outlet (Roll eyes...)
    What difference does it make if Gatorguy considers them major or not? A child knows 2+2=4. Are they wrong because they are not an adult? CNN has been wrong/lying for the last 3 years as they 'investigate' Trump, and they are a "major" news outlet.

    Just to make you happy, "whistleblowers are protected from work-related retaliation, including 'an appointment, promotion, or performance evaluation, or any other significant change in duties, responsibilities or working conditions. Revealing the whistleblower's name does not clearly fall under one of these categories.'

    Taken from the CNN article; https://www.cnn.com/2019/11/08/politics/legal-question-out-whistleblower/index.html

    CNN knows this is a bunch of BS. Now you know as well.
    kuraiwatto_cobra
  • Reply 19 of 39
    tmaytmay Posts: 6,253member
    gatorguy said:
    sdw2001 said:
    gatorguy said:
    sdw2001 said:
    Yeah, that's the least of my concerns about Facebook.  YouTube, Facebook and Twitter are actively censoring posts that mentioned the name of the alleged 
    "whistleblower," something that has been reported on for weeks and is the worst kept secret in the country.    Don't get me started on the meme page purges, offsite tracking, and clear snooping on audio for advertising targeting.  
    All the news media are refusing to name the whistleblower. It's not just the online social sites. My assumption would be that it's a legal issue. 

    It's not.  And it's not all the news media.  Paul Sperry of Real Clear Investigations named him.  It's not against the law to name the whistleblower in this case.  That applies only to the ICIG, and only in certain situations.  The so-called "whistleblower" can have his name shared by anyone else, including elected officials.  YouTube, Facebook and Twitter are engaging in ideological bias, as usual.   
    Oh well that's proof for me: Real Clear Investigations named him. and they are definitely a major news outlet (Roll eyes...)
    ...and I was certain that it would be Kellyanne Conway.../s
    watto_cobra
  • Reply 20 of 39
    dysamoriadysamoria Posts: 3,430member
    sdw2001 said:
    Yeah, that's the least of my concerns about Facebook.  YouTube, Facebook and Twitter are actively censoring posts that mentioned the name of the alleged 
    "whistleblower," something that has been reported on for weeks and is the worst kept secret in the country.    Don't get me started on the meme page purges, offsite tracking, and clear snooping on audio for advertising targeting.  
    You know there are laws protecting whistleblowers from retaliation, right? It’s actually a smart thing for these companies to protect their own legal asses by not letting someone’s identity potentially be wrongly associated with something like this.
    jahblade
Sign In or Register to comment.