If you want to be sure nobody is spying on you through your laptop's webcam, the best thing you can do is cover the lens—but the same might actually be true for the camera on your Apple smartphone.
Felix Krause, a developer at Google, has found that any iOS app could secretly use the iPhone's camera to record images and video of the user, once given permission to access the camera at all. Krause developed an app for demonstration purposes that shows how an app could use either front or rear cameras to capture images and video in the background. The resulting footage or images could be directly transferred to cloud servers without the user being aware or receiving any notifications.
The camera could also be used to run real-time face recognition, possibly even identifying the user.
The good news is that Krause's app is not approved for distribution through the iTunes App Store; hopefully such malicious behavior would be picked up during Apple's pretty strict review process. However, if you want to be entirely certain you're not being spied on, the best options seem to be covering the lens or not granting camera access to any app you don't 100 percent trust.
For a better idea of the issue, watch the video below that shows Krause's proof-of-concept app in action, or read the full report on his website.
Interesting proof of concept but this is not a vulnerability. If you grant permission to an app. Then you should expect the app has access to all the pictures/videos and control of the camera. This is why I never install any IV Calc app for Pokemon Go.
Hahaha ... Android is by an order of magnitude worse, there is no privacy! You can't even install an App if you don't give it full permission to use whatever it wants, hence your truly don't even go near anything Android!
That is a direct lie. Apps need permissions much like on iOS, though just like iOS given a permission for e.g. "camera" is a whole list of smaller restrictions. But what you can't do on iOS is to fine tune these permissions as you can on android. I don't vouch for either platform as they both have plenty of flaws, though android give the user the chance to fix them themselves.
I totally enjoy "but Android is doing just the same" remarks. It feels like when Apple comes up with something, fanboys are: "This is so much better than Android". When they screw up, "It is just as bad as Android; no, wait, Android is much worse". Does Apple even exist in the absence of Android? What would you compare it to?
The key thing here is that it refers to a running app "in the background". I for one never leave a third party app running in the background that uses the camera or microphone if I am not using that app.
@Edward, I don't think you can run app as service under iOS. You can run app in background with restriction but that too can be disabled by user. Of course if you jailbreak, then that is a different story. The moment you jailbreak your iOS device, you give up all the nice security features of iOS.
Obviously never submitted an iOS app to the iTunes Store. The file, once submitted, is automatically run through some sort of automatic code review, to apparently help ensure no nefarious intent. This takes quite a while. In the Google Play Store, submission takes only a few seconds. This could be one reason why there have been literally hundreds of Android apps that have done anything from address book harvesting to password theft. And “proof of concept” means just that: he proved it could in theory work. In practice, no. iOS is still the most secure mobile operating system. That’s why many Fortune 500 companies do not allow Android OS phones for work.
UK Govt Issues which means they have already stripped it down to essentials and literally running a private OS by that point. ExNewt means REAL companies... like major ones... I work for one and it literally is like a no brainer. Android is the wild-wild-west.
Just because you don't 'give permission' to the camera doesn't mean it won't be there, shooting away whenever it feels like it. C'mon people, get a bit more paranoid.
Many people are totally misunderstanding this. The app can only use the camera while it's running in the foreground. It won't be secretly recording anything while the phone is in your pocket. Learn to read people.
Concerning the actual "news": this has been obvious. Since there's no LED showing the camera's activity while it's being used (like on MacBooks) it's obvious the camera can be used secretly and I'm pretty sure this is how it works on Android also. I do believe though that phone makers should limit use of the camera to situations where the video feed is shown live on the screen. And access to the microphone should also have some sort of on-screen info so the user knows it's being used.
All cameras attached to a networked computing device can be used for spying. Remember former FBI Director, James Comey, was asked why he taped the webcam on his laptop computer a few years ago?
Forgive me for sounding sarcastic, but.......this is news? Android has been doing this for years....you give a camera app permission to use your camera. The wording makes it sound like they can just use it randomly to spy, but it just means you are giving the app the ability to take photos, which almost sounds counter-intuitive ("hey youre a camera app!! shoot something!") but its not. Is this a new thing with ios? I swear sometimes that Apple makes people believe there isnt a world outside of Apple. For example, I saw a Twitter post one day say if they're iPhone acted up one more time, they were going back to a rotary phone....to which I replied "there are these other phones called Android....."
It says a lot about discourse these days that people have to make everything into a "this versus that" story and insist on things like "balance". Of course Android applications get up to this kind of thing, but that is yesterday's news. Today's news, if it even is news, is that iOS applications also get up to this kind of thing.
Naturally, this bursts a few bubbles, although given some of the remarks about paranoia and the rather ignorant "nothing to hide" tone from some commenters, a few more bubbles need bursting, I think.
Possibly, but who would want pictures of the inside of my pocket? Or my carpet? Or the top of my table? Or ceiling? Or even my face? And who would orchestrate and collect that or sense when a picture might be interesting or informative? Apps want data on users so they can target advertising--huge troves of data for what people do online is worth billions. But secretly recording me? Where's the incentive? Privacy is worth fighting for in legislation, but big brother fears about technology and conspiracy theories usually just don't make a whole lot of sense. Just deny permissions or don't use apps that need access to your souls. No one really needs yay to post on social media and as soon as you do, you have no privacy.
If you worked in a secure job (government or private) or were being stalked by an ex (or soon to be) or ...
Low level AI program could easily edit the feed to remove pics of your pocket and extract pics and/or sounds of anyone you meet with.
I'm sure Apple is now aware and working on a fix. Most obvious fix is for the OS to restrict camera/mic permission to only operate when the App is on screen and user-active (not allow background operation). This will probably show up in a near term update.
Who would want pictures of the inside of my pocket?
What's the incentive?
You answered your own question - data is worth billions.
And don't try to convince anyone there's no unscrupulous persons/organizations/corporations/governments that would hesitate to exploit this. In case you have any doubts, consider that outfits like facebook and government are constantly increasing surveillance and adding the data to truckloads - yes TRUCKLOADS - of new hard drives being added to their systems daily.
This is like saying he developed a crack but the crack require the user to crack own phone first and then install the app. How he plan to distribute his app when it won't pass App Store security?
Yes but it's also been shown that the Android market place (Google Play store) has far more malicious apps in its market than the Apple iTunes store. Somewhere I read as much as 40 or 50% of the sample that was taken in a study showed that a considerable amount of apps in the Google Play store violated privacy in some way or another, not necessarily malicious I guess, but violated privacy, like sending data to the developer, etc.
A simple Google search will yield a lot of results on this topic. I'm not saying that the iTunes store is necesasrily "better" but Apple's entire process for allowing apps on the iTunes store takes a little more work.
Android apps can already do this. Nothing to see here (pun intended).
Note: I have used Android devices since Donut days and I have no iOS ones, so I am not just being anti story for the sake of it.
Background: I used to use a Panasonic DMC-CM1 "camera" phone - why else am I one this site if not for camera tech? - and we had a seemingly genuinely rogue app at work, but distributed through the Play Store that would open the camera and mic on every start-up and I only knew this because the physical lens on the phone would open and close quickly. The vendor claims to have "fixed" this non-standard device discovery (they say) but I refuse to reinstall the app.
* The app would close / crash / restart in the background, so this happened without manual app start-up
I am - let's put it this way - a less-than-enthusiastic-fan of Apple products but, here, I have to be fair and point out that Android Apps seem to be doing the same. Even some browsers do it, I suspect.
I found it especially creepy that the ticketing site for British Airways deployed Firefox pop-ups in my Samsung tab, asking permission to record audio and video.
As a rule, in this sad day and age, whenever I am using a device with the ability to record images and sound I assume it is being done without my consent.
I presumed this was the case, I don't know why anyone wouldn't have. When my iPhone is in use, its "Cellular Data Usage : Current Period" numbers match up with the Verizon "Estimated Data Usage." But when the phone sits idle a few hours (say while I'm sleeping, 10-15mb ticks off the latter which is not reported by the former.
I turn on camera/microphone/location/photos/contacts access for apps only briefly and only when absolutely necessary. I'm trying to train myself to add cellular data access itself to that list, but they intentionally make that more of a pain to turn on and off.
Call me old fashioned, but I thought lots of people wanted to take endless pictures of themselves, wherever they are, whatever they're doing, and post it immediately to the latest social media gadget? #nandos #bog #gooddump, etc.
Very soon the genetically engineered children of the future will have a sort of gadget similar 'echo dot' the size of a pin head implanted into the brain which will make then super intelligent, and they will know about everything. Humans (if there is such a thing in the future) will then become 'omnipotus' (knowing of everything ). Conversation will become pointless.
Most likely the following will haopen. 1. Big companies will enact law to genetically modify people so they birn without brain. Some of them already brainless so it is easyer to push the point of non necessity if brain. 2. Those who undergo modification will have a built in slot for a smartphone in their head. Users will always have latest Apple device in their head. 3. All decision making will ne outsourced to large corporations that sponsir gadgets in people's brain. No need to think! 4. Unfortunately phones will not have neither screens nor cameras as they will be using human eyes to creade substituted reality imges directly translated into the idiots, sorry should say customers, brain via hallucinogenic process. 5. Same old rule of taping over the camera would still apply, but this time one should tape their eyes. However no one would care as Apple told them it is OK and they should be elated and should not bother by yet more invasive behaviour of big brother.
News flash. Android phones can do it too. Once you've given the right permissions when you install it nothing stops it from taking shots, recording audio or even relaying the phones position in the background. I know I've written a location based app to do just that (to track vehicles).
byDMP what is your daily source of news? Do you read newspapers? Even the simple one with bright primary colours and big pictures- USA Today - even that one had the relevant news on this subject.
I understand that it’s horrifying enough to WANT to ignore it. But when you’ve read that your tax money is spent on ludicrous stuff like this, at enormous cost, it’s your job as a taxpayer and citizen to pay attention. Deal with the reality of it.
A tin foil hat ruins my reception and I end up binge hallucinating every time I take it off to catch up. If it were tunable so it just filtered out the delusions that don't like me, it would be OK, but as it is, I might as well sit in the grounded shipping container, except it gets so hot in there, and the door is heavy (and rusted) and that makes it hard to ... Sorry. Are there more pterodactyls than there used to be? They go right through the paint.
And yet again, people are attacked for requesting reliable verifiable information instead of vague generic guesses disguised as the ultimate truth.
I guess the Russian bots are taking over dpreview as well.
For the record, personally, I do not believe that I have much privacy when I use my phone. But it is naive to the extreme to claim that I would have NONE, without giving a source that confirms it.
@Digital Suicide. Calling someone who requests facts and sources "brainwashed", "naive" and "an idiot" fits perfectly into the Internet Research Agency pattern. Are you also based in Olgino?
@mlewan Think what is comfortable for you. I think there is plenty of facts on the web. Like OSA25 said - just dig the internet. But I don't think you'll find sources on that. Sources are confidential. App and gadget makers would never admit it. Sorry for calling you idiot, I'm taking it back.
The likelihood of this happening is slim. But you can bet Apple will fix it anyway. They have made our privacy their business model. Whereas Google and Amazon are running roughshod over a our privacy.
Speaking of Google, the author neglected to point out this engineer made it clear he did this research on his own time and not while at work.
It already happens. When my iPhone is in use, its "Cellular Data Usage : Current Period" numbers match up with the Verizon "Estimated Data Usage." But when the phone sits idle a few hours (say while I'm sleeping), 10-15mb ticks off the latter which is not reported by the former. I haven't figured out if it's Apple, Verizon, or one of my third-party apps.
Install Snapchat or Instagram, then deny them access to your contacts list, then watch how fast they populate with suggestions to connect with people you know anyway.
Open your Facebook app, log out, then install Tinder (which uses the Facebook account), and when it asks for approval through Facebook see whether you have to enter any login credentials or if the phone remembers them.
If you care to do your own personal objective research on this issue .... just go to Starbucks and have a peek a how many laptop users use makeshift covers to cover their cameras.
The degree of distrust is quite chilling at least where I am.
Honestly as software engineer I don't get it... I mean if you can use the camera on your app, you have to make additional work to display the photo/video taken, so obviously you can decide to not display it at all.
With the proper right the application can spy all it ears and see on top of geo localization, reading your mails, sms, that's obvious. They insist on ios and apple, but I fail to see how Android would be any better.
You shouldn't install app if you don't need them and you should restrict their rights to the minimum.
So let me see.... If the app takes pix secretly without you knowing about it.... The image belongs to the app.... We've been down this road before.... :=)
Apple is now peaking on hardware sales and is increasingly looking to sell services and open up it's ecosystem to sell content. That means increasingly you are the product and Apple's immense pressure to carry on increasing profits can only come from pimping you out.
So they are heading in the same directions eventually...
They shouldn’t be, that’s in the terms of the iOS App Store, so any apps that do are malicious and shouldn’t make it through the screening process. In any case, just be safe and switch off access to the camera, microphone, gps for any apps you download that don’t strictly need it. This is done in the main setting area.
If this sort of thing concerns you, only give an app permission to use the camera when you use the app. Then rescind permission when you are done using it. It requires 30 seconds of your time but then you don't need to be concerned about unauthorized "spying."
This entire “story” is a drug induced vision of Felix’s. Basically, he discovered apps with permission to use the camera can.... wait for it... wait for it....
Take pictures. Yep. That’s it. Nothing more.
Oh, and they have to be running and in the foreground (meaning locked is not running and in the foreground)
In that case, I recommend using the Scotch Removable Transparent Tape (blue & yellow box). It won't leave a residue when removed and, while in place, will completely "frost over" any scene the camera might record.
@RogueSwan You should review permission settings for the microphone too. I deny audio permission to all non-voice chat apps.
The main problem with the tape solution are that a) it may not muffle the sound enough, and b) you may not have time to pull it off when you get an incoming call.
The Prvke Lite is the latest release from camera bag/strap maker Wandrd. A shrunk-down version of their popular full-sized Prvke bag, this model is perfect for smaller kits, including mirrorless cameras.
The Olympus OM-D E-M10 IV is an entry-level mirrorless camera that's feature-packed, and will appeal to beginners as well as more experienced users. Read about the ins and outs of this image-stabilized, low-priced camera here.
The Panasonic Lumix DC-G100 (G110 in some regions) is a mirrorless camera designed for vlogging. Its 20MP Four Thirds sensor is paired with clever tracking audio technology, but we have our reservations.
The GFX 100S fits most of the capabilities of the GFX 100 into a smaller and more affordable body. We've tested what the camera offers to see who it might make sense for.
The Sony Alpha 1 is Sony's flagship mirrorless camera for, well, just about anything. With a 50MP sensor, it gives you tons of resolution, but it also lets you fire off burst images at 30 fps for fast action sports. Add in 8K video capture and you have a really impressive package.
Although a lot of people only upload images to Instagram from their smartphones, the app is much more than just a mobile photography platform. In this guide we've chosen a selection of cameras that make it easy to shoot compelling lifestyle images, ideal for sharing on social media.
What’s the best camera for around $2000? These capable cameras should be solid and well-built, have both speed and focus for capturing fast action and offer professional-level image quality. In this buying guide we’ve rounded up all the current interchangeable lens cameras costing around $2000 and recommended the best.
What’s the best camera for less than $1000? The best cameras for under $1000 should have good ergonomics and controls, great image quality and be capture high-quality video. In this buying guide we’ve rounded up all the current interchangeable lens cameras costing under $1000 and recommended the best.
There are a lot of photo/video cameras that have found a role as B-cameras on professional productions or A-camera for amateur and independent productions. We've combed through the options and selected our two favorite cameras in this class.
What’s the best camera costing over $2500? The best high-end camera costing more than $2000 should have plenty of resolution, exceptional build quality, good 4K video capture and top-notch autofocus for advanced and professional users. In this buying guide we’ve rounded up all the current interchangeable lens cameras costing over $2500 and recommended the best.
Something terrible has happened to Chris and Jordan up in Calgary, and they need to buy a new camera kit priced under $4000 using their own money. Find out what cameras and lenses they chose.
At only $8000 the Vazen 50mm T2.1 1.8x anamorphic is quite a bargain - in relative terms anyway. Designed for full frame sensors it offers a 65 degree angle of view.
Because of COVID, a famous tulip garden was closed to the public for the second year in a row. Wiebe de Jager flew his DJI FPV drone through the premises to give us 'a bird's flight' perspective.
Roman Yarovitcyn spent the 1990's working as a newspaper photographer in Russia and shooting primarily on inexpensive Zenit-E cameras. Despite the shortcomings of his gear, the B&W images he created during this era are nothing short of mesmerizing.
We recently published our Olympus E-M10 Mark IV review, and with it, we have a boatload of new samples including some fresh Raw conversions. Take a look.
As the European Space Agency (ESA) prepares for the launch of its new Ariane 6 rocket, ESA produced a stunning time-lapse video at the rocket's future launch site in French Guiana, South America.
A production copy of the Leica Vario-Elmarit-SL 24-70mm F2.8 ASPH, and we've taken advantage of an unbroken few days of sunny spring weather to start a gallery of photos, on the Leica SL2. Click through for our initial set of samples, which we'll be updating in the coming days!
Caleb Pike of DSLR Video Shooter has shared a video showing how you can make an all-in-one video studio that collapses down into a Pelican 1510 case for the ultimate turnkey video production solution.
It's new laptop season, and HP is getting in on the fun with three new ZBook G8 notebooks. Available in 15.6" and 17.3" sizes, the notebooks include Intel's new 11th-gen processors, RTX graphics, fast memory, impressive displays and much more.
At a quick glance, you might even think this ultra-fast prime was a first-party Leica lens, thanks to its similar design and typeface used for markings on the lens.
What's the best way to get a sharp photo: the "Mr/Mrs Pinchypants" or the "Down on the ground pound"? In this episode of DPReview TV, Chris shows you the right way to hold your camera to get the best results.
The Peak Design Marketplace is a peer-to-peer platform where consumers can buy and sell pre-owned Peak Design equipment that keeps the company's lifetime guarantee intact.
We've just received a production-ready Pentax K-3 Mark III, and we've gotten straight to work with it to see what it can do. Check out our samples from a variety of lenses and a variety of sites (and sights) up and down the Puget Sound region in Washington State.
Tokina’s new 25-75mm T2.9 lens slides between its current 11-20mm T2.9 and 50-135mm T2.9 cinema lenses, making a trio of constant T2.9 zoom lenses from 11mm through 135mm focal lengths.
Razer's Blade 15 laptop first launched in 2018. Since then, the company has made numerous updates. The latest refresh adds new 11th gen Intel processors, faster memory, PCIe Gen 4 storage, a thinner design and more. It may be a gaming laptop, but there's a lot to like here for creators, too.
The New York Times and the Content Authenticity Initiative have unveiled a prototype system to inspire confidence in photos by securely recording and making available information about creators, edits and publishing information for photographs.
The Prvke Lite is the latest release from camera bag/strap maker Wandrd. A shrunk-down version of their popular full-sized Prvke bag, this model is perfect for smaller kits, including mirrorless cameras.
Why are modern 50mm lenses so complex? Lens designers didn't add all that extra glass just to charge more money and make the diagram look cool, explains Roger Cicala.
Since the dawn of recorded time, Pentax DSLRs has been known for being well-designed, rugged and full-featured. In this episode of DPReview TV, Chris and Jordan share their thoughts about Ricoh's latest DSLR, the Pentax K-3 Mark III.
Surely you've already watched our video review on the Pentax K-3 Mark III. Now it's time to take a closer look at some of the samples from its 25.7MP sensor.
Apple has teamed up with Incite for many great 'Experiments' videos showcasing the latest iPhone model's camera capabilities including its latest, which shows off the slow-motion and time-lapse performance of iPhone 12.
If camera companies want to truly compete with smartphones for relevance, they need to offer models that are as easy to use as a phone, but offer substantially better image quality.
The lens remains the widest shift lens for full-frame cameras, with the new Leica L and Pentax K mount versions rounding out the Canon EF, Canon RF, Nikon F, Nikon Z and Sony E mount options from launch.
The Olympus OM-D E-M10 IV is an entry-level mirrorless camera that's feature-packed, and will appeal to beginners as well as more experienced users. Read about the ins and outs of this image-stabilized, low-priced camera here.
Canon's Larry Thorpe has seen lot of changes over his 60-year career in the industry. We spoke to him after his recent retirement, and in this interview he highlights some of the technological advancements he's seen during his career and discusses the convergence between stills and video.
Comments