This Scary Loophole In iPhone Apps Could Seriously Compromise Your Privacy

Posted by Sughra Hafeez in Science and Technology On 28th October 2017

Staying on top of the latest technology is something that’s important to a lot of people – especially when it comes to cell phones. Googler Felix Krause has uncovered a worrying setting in iOS.



An Austrian developer created an app called 'watch.user' that is capable of taking pictures of its user every second and upload them without notifying them in any way.

Follow ThatViralFeed


He called it a "privacy loophole that can be abused by iOS apps".



Unilad says that “once you grant an app access to your camera, it can unleash Black Mirror-style hell, with the power to ‘access both the front and the back camera, record you at any time the app is in the foreground’ and ‘take pictures and videos without telling you.”



When an app wants to access the camera, for example, to scan a credit card or take a profile picture during the set-up process, the iPhone user must give the app permission, in the same way, that apps must ask to access the camera roll, location and contacts and to send notifications.


Once allowed, it has to be turned off via the settings menu.


Felix Krause aims to inform people about this loophole. He says, “If you think about the average social media app or messaging service, they could, in theory, access your camera anytime the app is running. Apple will check for this in the app review probably, but developers could find a way around it.”


The iPhone gives no indication that the camera is being used or that the photos are being uploaded to the internet.


"iOS users often grant camera access to an app soon after they download it (e.g., to add an avatar or send a photo)," he wrote in a blog post.



"These apps, like a messaging app or any news-feed-based app, can easily track the users face, take pictures, or live stream the front and back camera, without the user’s consent."


The permissions system is not a bug or a flaw - it works in exactly the way Apple has designed it - but Krause said malicious apps could take advantage of it to surreptitiously record users.


He warned that other apps could monitor users emotions as they scroll through a social network news feed, record what they are saying, or live stream video of them in the bathroom as they tap away at a smartphone game.


"If you're using a messaging service, like Messenger, WhatsApp, Telegram or anything else, chances are high you already granted permission to access both your image library and your camera," he said.



"You can check which apps have access to your cameras and photo library by going to Settings > Privacy."


The only safe way to protect yourself from the hack is using camera covers, which can be bought online, through a simple sticky note will suffice.


You can also revoke camera access for all apps and always use the built-in camera app to avoid being caught out.