Google Developer Claims iPhone Camera Permissions Turn Rogue Apps Into Peeping Toms

For many people, the most important aspect of a smartphone is the camera performance. That is why phone makers put so much focus on the camera, with each new generation handset upping the ante with better photo-taking capabilities. But what if these cameras were used to spy on you? According to a software developer, the permissions granted to iPhone apps gives them the ability to take pictures and record video without the user's knowledge.

Felix Krause, a developer who obtained a Software Engineering degree from the University of Central Lancashire in the UK and currently works at Google, wrote an independent blog post warning of this functionality. And to borrow a line from Apple, this unsettling behavior is based on a feature, not a bug in iOS.


"iOS users often grant camera access to an app soon after they download it (e.g., to add an avatar or send a photo). These apps, like a messaging app or any news-feed-based app, can easily track the users face, take pictures, or live stream the front and back camera, without the user’s consent," Krause explains.

Krause points out that once an iPhone user grants an app access to the phone's camera, it can then tap into both the front and back cameras, record video whenever the app is in the foreground, take pictures and videos without alerting the user, upload pictures and videos, and run real-time face recognition to detect facial features or expressions. On top of it all, these things can happen without any flashing LEDs or other indication that the app is snapping a photo or recording video.

This level of freedom opens the door for some embarrassing moments to be made public, should an unscrupulous app maker decide take advantage of the permissions. To drive the point home, Krause asks the question, "Have you ever used a social media app while using the bathroom?" Why yes, yes we have. And no, we would not like that footage to find its way on the web.

Those permissions are what allow developers to create certain spy apps, such as Stealth Cam. However, any app with camera permissions can take photos and record video in the same manner. To prove it, Krause created a proof-of-concept app called watch.user and uploaded the source code to GitHub. The above video shows the app in action.

As with laptops, the only real way to safeguard from this behavior is to cover the camera lenses. The alternative is to revoke camera access for all apps, but that is sort of like using a shotgun to kill a fly.

Realistically, this is not something that is likely to affect iPhone users, as any app discovered to be misbehaving would quickly be outed. However, it is interesting to know.