A Google developer has uncovered a worrying setting in iOS that enables apps with camera permissions to secretly record photos and videos without them knowing.
According to a recent report from Motherboard, Felix Krause, an Austrian developer who works for Google, built an app that was able to take pictures of its user every second and upload them, without notifying the user. He called it a “privacy loophole that can be abused by iOS apps.”
To demonstrate the issue, the Austrian developer created an app called “that is capable of taking pictures of its user every second and upload them without notifying them in any way.
Krause pointed out that when a user grants an app the permission to access the camera, they basically enable the app to access both front and rear camera and your photographs. Basically, whenever the app is playing the foreground, it can “record you, upload the content immediately, and run real-time face detection to read your facial expressions.”
He also describes how facial recognition could be used to identify users, and even use facial expression analysis to measure an emotional response to things like ads displayed in the feed. Krause’s app explains how the camera will be used, but a rogue app could obviously make an innocuous statement.
Krause has shared a short demonstration of the documented issue on YouTube, which can be seen below.