This is one of those things where there's no new information and nothing has changed in terms of what apps can and can't do on iPhone and iPad, but it's an excellent reminder and important opportunity to advocate for improvement:
This is pretty disturbing. Google engineer Felix Krause has detailed an alarming privacy setting in Apple's iOS that enables iPhone apps with camera permission to surreptitiously take photos and videos of you – without your knowledge.Clarification: Krause has since contacted TNW to clarify that he conducts his security research work during off-hours and independently of Google.The researcher notes that granting camera permission will enable apps to access both the front and the back camera of your device, photograph and record you at any time the app is in the foreground, upload this content immediately, and run real-time face detection to read your facial expressions.All of this without any notice or indication that your iPhone is snapping images of your face. No sound, no light, no LEDs.
Any app doing something like this would be in violation of App Store guidelines and subject to rejection. Of course, that's not a complete solution: Stuff can and has always slipped through. A better solution would be software disclosure. An even better one would be hardware disclosure. The best would be total lockdown... but it might be too restrictive.
Banner up
For years, iOS has enforced a banner when audio is being recorded (like with the Voice Memos app) or. transmitted (like with the Phone app) when you're not in the app to see it. Recently, iOS has added a similar banner for when the new screen recorder feature is being used. (Sadly, it doesn't expressly indicate what's happening.)
Those banners exist because audio and screen recording can persist even when the app or service is in the background. Photo and video capture can't. Start taking a video, leave the app, and the video stops recording. The concern here is potential unauthorized or unexpected capture while in the malicious app.
Some form of banner, sound, screen flash, or other disclosure whenever capture is performed programmatically, would help expose any potential abuse.
LED the way
Even better would be a MacBook-style LED light tied directly into the Secure Enclave. No need to fire it and annoy me with it if I tapped a button expressly to capture a photo or video, because that would be distracting, but if the capture is programmatic in any way, light that sucker up.
Lock it down
In a perfect privacy world, there would only be an Apple-supplied, secure control to trigger capture, and anything else would have to ask permission before beginning any new capture session (with full disclosure and API-level enforcement for how long the session would last.)
Also, though it increases the risk of dialog fatigue, a separate permissions call before apps can upload photos or video off-device and to the cloud.
That would no doubt impact the functionality and perhaps viability of some photography and surveillance apps, but security always comes at the cost of convenience.
Meanwhile, if you use third-party apps that you've granted camera access to but don't trust and for some reason can't delete, stick a piece of tape over your camera(s) or consider a cam-cover.
I've filed this issue and these feature requests with Apple: rdar//35197442.
