Have you ever been on the phone talking about a holiday or a pair of shoes then, without googling said holiday or pair of shoes, you mysteriously start to see ads for it all over your browser? Many people claim they have – but why is this?
A tech expert is now claiming that apps can quite easily access your camera and microphone, even without your explicit permission. Privacy consultant Dylan Curran posted a pretty chilling thread on Twitter alleging that apps can take pictures and videos without telling you, run real-time face recognition to detect facial features or expressions and even live stream the camera onto the internet.
Here’s everything he says apps can do…
When you give an app access to your camera and microphone, here are the permissions you're really giving— Dylan Curran (@iamdylancurran) April 3, 2018
1.— Dylan Curran (@iamdylancurran) April 3, 2018
+ Access both the front and the back camera
+ Record you at any time the app is in the foreground
+ Take pictures and videos without telling you
+ Upload the pictures and videos without telling you
2.— Dylan Curran (@iamdylancurran) April 3, 2018
+ Upload the pictures/videos it takes immediately
+ Run real-time face recognition to detect facial features or expressions
+ Live stream the camera onto the internet
+ Detect if the user is on their phone alone, or watching together with a second person
3.— Dylan Curran (@iamdylancurran) April 3, 2018
+ Upload random frames of the video stream to your web service and run a proper face recognition software which can find existing photos of you on the internet and create a 3d model based on your face
4. This is the access every single app that has camera/microphone permissions can use, from Snapchat to LinkedIn to Twitter to Facebook to Instagram. Short thread, but please keep in mind what you're allowing these apps to see in your life when you click 'Yes'.— Dylan Curran (@iamdylancurran) April 3, 2018
The thread is based on a blog post from Google tech developer Felix Krause, who explained to ShortList that the claims are meant to prove what apps can technically do if they wanted to, not that they do at the minute.
He said: “I don’t know of any apps doing it, it’s also impossible to find out if they do it. It’s a proof of concept that it is possible to abuse the APIs in the background without the user knowing. I’m not claiming that any company is doing it right now.”
But still, the fact that they could do all this should be enough to scare the bejesus out of us - especially since the Facebook-Cambridge Analytica data scandal. And Krause recommends a few simple steps that all smartphone users should take to protect their privacy.
He said: “There are only a few things you can do:
- The only real safe way to protect yourself is using camera covers: There are many different covers available, find one that looks nice for you, or use a sticky note (for example).
- You can revoke camera access for all apps, always use the built-in camera app, and use the image picker of each app to select the photo (which will cause you to run into a problem I described with detect.location).
- To avoid this as well, the best way is to use Copy & Paste to paste the screenshot into your messaging application. If an app has no copy & paste support, you’ll have to either expose your image library, or your camera.”
Indeed, it’s interesting that many people cover their camera, including Mark Zuckerberg. Need any more proof that this is a real issue? Probably not.