Camera privacy bug found in Firefox Android in 2019 hasn’t been fixed yet

The issue was originally raised in July 2019 by a Firefox Android user.

The issue was originally raised in July 2019 by a Firefox Android user stating that their phone’s camera remains active when the app is in the background or even when the phone is locked.

Last year, a bug was found in Mozilla Firefox that hasn’t been fixed yet and is now distressing Android users’ ensuing privacy concerns.

Courtesy of an Appear TV (video delivery platform) employee who brought the issue to light in July 2019; they reported that the Android smartphone cameras remained active even after the browser was running in the background or when the phone’s screen was locked.

Screenshot from the official Mozilla forum addressing the issue on 9th July 2019.

The bug manifested when users chose to video stream using a website loaded on Firefox rather than the native/actual application. Many users basically go down this road, in order to avoid installing intrusive applications that ask for unencumbered access to the device’s data and storage.

Regardless of this, the browser kept video streaming even in situations when it shouldn’t do so, deeming it as major data and privacy breach whilst consuming users’ bandwidth.

Despite bringing the issue to notoriety, the bug hasn’t been fixed. The problem will be resolved by October 2020 as claimed by Mozilla. The bug fix will aim to limit and address the issue by defaulting to audio-only when the phone screen is locked.

See: DuckDuckGo collecting user browsing data without consent

In the meantime, users will receive a notification when a website attempts to access the device’s feature (camera and microphone). A Mozilla spokesperson stated:

“As is the case with dedicated conferencing apps, we provide a system notification that lets people know when a website within Firefox is accessing the camera or microphone, but recognize that we can do better, especially since this gets hidden when the screen is locked.”

However, Firefox seems to have taken the issue seriously with hopes to mitigate similar risks resurfacing in the future. They have taken this in stride and is looking to identify the actual problems in detail with a viable fix in the works. The bottom line is to wait until October and pay attention to alerts and notifications closely. 

See: LinkedIn was copying every keystroke of users until iOS 14 exposed it

Nevertheless, the organization’s next-generation browser for Android called ‘Firefox Nightly’ also available for testing, has a prominent notification system available when a website attempts to access the device’s hardware. Codenamed as Fenix, this new version will replace the current browser and will ensue better privacy features, optimization, and features.

Here is a video from ESET’s IT security researcher Lukas Stefanko who discussed the issue couple of days ago:

Did you enjoy reading this article? Do like our page on Facebook and follow us on Twitter.

Related Posts