PogoWasRight.org

Menu
  • About
  • Privacy
Menu

iOS Privacy: watch.user – Access both iPhone cameras any time your app is running

Posted on October 27, 2017 by pogowasright.org

Felix Krause has a concerning proof of concept on his blog:

Facts

Once you grant an app access to your camera, it can

  • access both the front and the back camera
  • record you at any time the app is in the foreground
  • take pictures and videos without telling you
  • upload the pictures/videos it takes immediately
  • run real-time face recognition to detect facial features or expressions

Have you ever used a social media app while using the bathroom? ?

All without indicating that your phone is recording you and your surrounding, no LEDs, no light or any other kind of indication.

Disclaimer

This project is a proof of concept and should not be used in production. The goal is to highlight a privacy loophole that can be abused by iOS apps.

Read more on KrauseFX.com.

 

Category: BreachesBusinessFeatured News

Post navigation

← Islamabad medic sacked for sending Facebook friend request to patient
Amsterdam refuses to publish Whois records as GDPR row escalates →

Now more than ever

Search

Contact Me

Email: info@pogowasright.org

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

Categories

Recent Posts

  • South Korea fines Temu for data protection violations
  • The BR Privacy & Security Download: May 2025
  • License Plate Reader Company Flock Is Building a Massive People Lookup Tool, Leak Shows
  • FTC dismisses privacy concerns in Google breakup
  • ARC sells airline ticket records to ICE and others
  • Clothing Retailer, Todd Snyder, Inc., Settles CPPA Allegations Regarding California Consumer Privacy Act Violations
  • US Customs and Border Protection Plans to Photograph Everyone Exiting the US by Car

RSS Recent Posts on DataBreaches.net

  • Chinese Hackers Hit Drone Sector in Supply Chain Attacks
  • Coinbase says hackers bribed staff to steal customer data and are demanding $20 million ransom
  • $28 million in Texas’ cybersecurity funding for schools left unspent
  • Cybersecurity incident at Central Point School District 6
  • Official Indiana .gov email addresses are phishing residents
©2025 PogoWasRight.org. All rights reserved.
Menu
  • About
  • Privacy