Felix Krause has a concerning proof of concept on his blog:
Facts
Once you grant an app access to your camera, it can
- access both the front and the back camera
- record you at any time the app is in the foreground
- take pictures and videos without telling you
- upload the pictures/videos it takes immediately
- run real-time face recognition to detect facial features or expressions
Have you ever used a social media app while using the bathroom? ?
All without indicating that your phone is recording you and your surrounding, no LEDs, no light or any other kind of indication.
Disclaimer
This project is a proof of concept and should not be used in production. The goal is to highlight a privacy loophole that can be abused by iOS apps.
Read more on KrauseFX.com.