iPhone apps with camera permission: How Apple could better protect our privacy
This is one of those things where there's no new information and nothing has changed in terms of what apps can and can't do on iPhone and iPad, but it's an excellent reminder and important opportunity to advocate for improvement:
Any app doing something like this would be in violation of App Store guidelines and subject to rejection. Of course, that's not a complete solution: Stuff can and has always slipped through. A better solution would be software disclosure. An even better one would be hardware disclosure. The best would be total lockdown... but it might be too restrictive.
For years, iOS has enforced a banner when audio is being recorded (like with the Voice Memos app) or. transmitted (like with the Phone app) when you're not in the app to see it. Recently, iOS has added a similar banner for when the new screen recorder feature is being used. (Sadly, it doesn't expressly indicate what's happening.)
Those banners exist because audio and screen recording can persist even when the app or service is in the background. Photo and video capture can't. Start taking a video, leave the app, and the video stops recording. The concern here is potential unauthorized or unexpected capture while in the malicious app.
Some form of banner, sound, screen flash, or other disclosure whenever capture is performed programmatically, would help expose any potential abuse.
LED the way
Even better would be a MacBook-style LED light tied directly into the Secure Enclave. No need to fire it and annoy me with it if I tapped a button expressly to capture a photo or video, because that would be distracting, but if the capture is programmatic in any way, light that sucker up.
Lock it down
In a perfect privacy world, there would only be an Apple-supplied, secure control to trigger capture, and anything else would have to ask permission before beginning any new capture session (with full disclosure and API-level enforcement for how long the session would last.)
Also, though it increases the risk of dialog fatigue, a separate permissions call before apps can upload photos or video off-device and to the cloud.
That would no doubt impact the functionality and perhaps viability of some photography and surveillance apps, but security always comes at the cost of convenience.
Meanwhile, if you use third-party apps that you've granted camera access to but don't trust and for some reason can't delete, stick a piece of tape over your camera(s) or consider a cam-cover (opens in new tab).
I've filed this issue and these feature requests with Apple: rdar//35197442.
Get the best of iMore in your inbox, every day!
Rene Ritchie is one of the most respected Apple analysts in the business, reaching a combined audience of over 40 million readers a month. His YouTube channel, Vector, has over 90 thousand subscribers and 14 million views and his podcasts, including Debug, have been downloaded over 20 million times. He also regularly co-hosts MacBreak Weekly for the TWiT network and co-hosted CES Live! and Talk Mobile. Based in Montreal, Rene is a former director of product marketing, web developer, and graphic designer. He's authored several books and appeared on numerous television and radio segments to discuss Apple and the technology industry. When not working, he likes to cook, grapple, and spend time with his friends and family.
Interesting that on Android, it's exactly the same. Why doesn't he talk about Google? Because he's a Google fanboy? Apple hater? Probably because he would be fired by Google's tyran Eric Schmidt.
@759nelson Felix is a great guy, reasons he doesn't talk about Google is because he only works with iOS, he simply has no interest or knowledge about the Android side, even though Google bought him and his project.
Who the F is Felix? Do you have any clue as to who wrote this story?
There's this wonderful thing called a search engine which when you type words into it will allow you to learn things. Google apparently have one.
I have had permission popups regarding the use of location services that include an “allow once” option. Would something like this work for camera and audio permissions? But I see Rene’s point that dialog fatigue would set in. Inconvenienced users stop using features.
I've always thought permissions on iOS were perfect, you get a few annoying popups the first time you open an app, but once you're done with that, they never appear again, and I know _exactly_ what I've allowed the app to do. Not to mention that many apps will still work if you disable certain permissions, so long as they don't rely on them for the core functionality. I don't see why people would want an "allow once" option for all the rest of the permissions, this is just silly. If you are seriously that paranoid about your privacy, you shouldn't own a smartphone, or really even be on the internet at all.
An LED notification light would be a great way to implement this. It's one of the things that I always appreciate on Android and wish was present on iOS devices.
I like Gruber's response: "To present Core ML as a privacy risk is talking about a hypothetical risk while Google and Facebook are currently ransacking your privacy."