This is one of those things where there's no new information and nothing has changed in terms of what apps can and can't do on iPhone and iPad, but it's an excellent reminder and important opportunity to advocate for improvement:
Any app doing something like this would be in violation of App Store guidelines and subject to rejection. Of course, that's not a complete solution: Stuff can and has always slipped through. A better solution would be software disclosure. An even better one would be hardware disclosure. The best would be total lockdown... but it might be too restrictive.
For years, iOS has enforced a banner when audio is being recorded (like with the Voice Memos app) or. transmitted (like with the Phone app) when you're not in the app to see it. Recently, iOS has added a similar banner for when the new screen recorder feature is being used. (Sadly, it doesn't expressly indicate what's happening.)
Those banners exist because audio and screen recording can persist even when the app or service is in the background. Photo and video capture can't. Start taking a video, leave the app, and the video stops recording. The concern here is potential unauthorized or unexpected capture while in the malicious app.
Some form of banner, sound, screen flash, or other disclosure whenever capture is performed programmatically, would help expose any potential abuse.
LED the way
Even better would be a MacBook-style LED light tied directly into the Secure Enclave. No need to fire it and annoy me with it if I tapped a button expressly to capture a photo or video, because that would be distracting, but if the capture is programmatic in any way, light that sucker up.
Lock it down
In a perfect privacy world, there would only be an Apple-supplied, secure control to trigger capture, and anything else would have to ask permission before beginning any new capture session (with full disclosure and API-level enforcement for how long the session would last.)
Also, though it increases the risk of dialog fatigue, a separate permissions call before apps can upload photos or video off-device and to the cloud.
That would no doubt impact the functionality and perhaps viability of some photography and surveillance apps, but security always comes at the cost of convenience.
Meanwhile, if you use third-party apps that you've granted camera access to but don't trust and for some reason can't delete, stick a piece of tape over your camera(s) or consider a cam-cover.
I've filed this issue and these feature requests with Apple: rdar//35197442.
Master your iPhone in minutes
iMore offers spot-on advice and guidance from our team of experts, with decades of Apple device experience to lean on. Learn more with iMore!
Rene Ritchie is one of the most respected Apple analysts in the business, reaching a combined audience of over 40 million readers a month. His YouTube channel, Vector, has over 90 thousand subscribers and 14 million views and his podcasts, including Debug, have been downloaded over 20 million times. He also regularly co-hosts MacBreak Weekly for the TWiT network and co-hosted CES Live! and Talk Mobile. Based in Montreal, Rene is a former director of product marketing, web developer, and graphic designer. He's authored several books and appeared on numerous television and radio segments to discuss Apple and the technology industry. When not working, he likes to cook, grapple, and spend time with his friends and family.