Article updated with a statement from Facebook.
We frequently come across apps unauthorizedly accessing certain features or data of smartphones but mostly these are from SMEs. Sometimes, however, we’re astonished to see multi-billion dollar corporations engage in the same.
For now, take Facebook who has recently been found using the iPhone’s camera through its iOS app while users are browsing its app regardless of whether they are using any camera-related Facebook feature or not.
This was also demonstrated by a Twitter user named Joshua Maddux:
Found a @facebook #security & #privacy issue. When the app is open it actively uses the camera. I found a bug in the app that lets you see the camera open behind your feed. Note that I had the camera pointed at the carpet. pic.twitter.com/B8b9oE1nbl
— Joshua Maddux (@JoshuaMaddux) November 10, 2019
The potential misuse though can only be found in iOS version 13.2.2 with preceding versions unaffected by it as stated by Joshua himself. Furthermore, the camera only works in this way if you’ve allowed Facebook access to it in the past.
However, we tested the bug on iPhone 6S device using iOS 13.0 version and little did we know the “bug” worked:
— HackRead.com (@HackRead) November 13, 2019
Here’s another video:
Today, while watching a video on @facebook, I rotated to landscape and could see the Facebook/Instagram Story UI for a split second. When rotating back to portrait, the Story camera/UI opened entirely. A little worrying… pic.twitter.com/7lVHHGedGf
— Neo QA (@neo_qa) November 2, 2019
However, the concerning part is that not only Facebook but any other iOS app can do the same as was found by a Google engineer named Felix Krause in 2017. He discovered that apps could access both front and back cameras, upload pictures & videos taken and also run real-time facial recognition which can be used to track someone online as well. Elaborating further, he states how they could “use the front and the back camera to know what your user is doing right now and where the user is located based on image data.”
Currently, there is speculation as to whether Facebook has been doing this intently or if it is a genuine bug. This is partly due to no response yet from Facebook leaving users to guess it out. In either circumstance, this does result in bad PR for Facebook especially when it has already been embroiled in conflicts arising from privacy concerns on how the company utilizes user data.
Moreover, other apps both on Android and iOS have been found spying on users through similar tactics drawing undue attention to Facebook. Hence, it is advised that everyone take some basic security precautions such as restricting camera and microphone access to only a handful of apps leaving little room for misuse in the first place.
Additionally, you could completely cover your camera with tape just like security-conscious users would do with a webcam on a laptop although to be fair, you’ll be missing in on the iPhone’s only improving feature lately.
UPDATE: Nov. 12, 2019, 2:31 p.m. ET Facebook VP of Integrity Guy Rosen has tweeted about the issue and said that it is indeed a bug and a fix will be pushed out to the App Store today.
We’re submitting a fix for this to the App Store today.
— Guy Rosen (@guyro) November 12, 2019