

Creepy iPhone bug: front facing camera takes pictures by itself. - monochromatic
http://discussions.apple.com/thread.jspa?threadID=2792410&tstart=0

======
johnthedebs
I haven't developed on iOS but I remember reading someplace that when an app
is loading it can display an image of what it looked like when the user most
recently left it, in order to give the appearance of loading more quickly. I
think it was one of Marco Arment's blog posts, but his site isn't available
right now.

Anyway I also don't have an iPhone 4, but FaceTime for OS X shows the camera
view whenever it's on so that you can see yourself whenever starting a call. I
imagine FaceTime for iOS does something similar.

If you combine those two things, you get one possible explanation for what's
going on. One that's pretty benign, but should probably still be avoided
because it obviously spooks users. Oh, and it should probably be at the API
level so that the last thing an app saves is _never_ camera data.

~~~
monochromatic
That's not what's going on here. Some of the pictures that it's been showing
me have come from times that I definitely wasn't using facetime (one was from
while I was driving, even). Something is triggering it to take a picture, but
it's not facetime.

~~~
sudont
I've got a cheap Samsung phone that takes phantom photos too. Why I'm not
worried?

A: It's front-facing, so it's never of me.

B: The phone is completely worthless, so it never takes decent photos anyways.
(Generally of my pocket.)

The only reason people are spooked is that Apple has higher expectations
(also, tribal instinct). My buddy's Nexus phone module will crash constantly,
requiring a reboot before use of the camera. His response: "Eh, whatever."

~~~
runjake
This is exactly why I left the Android world. These kinds of engineering
blunders were acceptable to vendors.

Apple's no golden child, as this bug demonstrates, but they're orders of
magnitude better. HTC probably would've just let it be, in all honesty.

~~~
stanleydrew
Let's not drag this discussion into an Android bash-fest please.

~~~
monochromatic
Agreed, this is an Apple bash-fest. Stay on topic folks.

~~~
sudont
Other than saying my friend is a casual user of Android, I see nothing in my
statement that bashes either Apple or Android. (Samsung, on the other hand...)

Apparently one camp or the other is fairly touchy.

------
mattyohe
While I can't consistently reproduce this issue, I was able to get FaceTime to
show up with some random image of myself in the preview of my FaceTime call.

Basically: 1\. Open the camera app and flip the camera to yourself. 2\. Close
the camera app, and call yourself on your Mac's FaceTime app. 3\. The image
that showed up was of me frozen, from just a few moments prior when I flipped
the camera around.

When I first saw this post, I attempted to call a friend, and saw exactly what
that first poster in Apple discussions saw, a black screen.

After rebooting it's all "fine" now. (I'm running 4.3.1)

~~~
monochromatic
Very interesting. Possibly another aspect to this bug.

------
SomeCallMeTim
If it turns out that one of the installed apps was taking pictures without the
user's knowledge, then that's one reason to like the permissions that Android
shows you for every app you install: No app can take a picture without
requesting the proper camera permissions, and I'm not going to install a game
or a music player that requests camera permissions (or anything else totally
unnecessary). (For those who don't know, the list of permissions an app
requests is presented to you before you install any app.)

iPhone/iPod/iPad users can correct me if I'm wrong and iOS pops up some kind
of warning when an app turns on the camera -- I know it pops up a warning
under some circumstances at least.

~~~
tjogin
Unless I'm mistaking, an API that let's an app take pictures _without the
display betraying what's going on_ doesn't even exist. I don't even think any
API exists to take pictures — that doesn't involve the _touch of a finger_ on
the display.

Can't explain it though.

~~~
bunnyhero
In iOS 4, such APIs do exist. I blogged briefly about it here
<http://www.bunnyhero.org/2010/08/17/thoughts-on-ios4-camera/> (I used the API
for a test app that uses the front camera to detect how much light is shining
on the iPhone [http://www.bunnyhero.org/2010/08/15/turn-your-iphone-
into-a-...](http://www.bunnyhero.org/2010/08/15/turn-your-iphone-into-a-
vampire-with-avfoundation-and-ios-4/) )

~~~
magicofpi
But why would Facetime be using this? It seems unnecessary.

~~~
diploid
The theory is not that Facetime is using this API but that another malicious
app is using it to take pics without the user consent.

Then Facetime is loading those pics on startup because they were the last pic
taken with the phone.

~~~
magicofpi
Hmm, okay, but doesn't that sound kind of strange too? Why would FaceTime use
an image from the camera roll instead of one from its own cache?

~~~
nfg
The linked thread says the image being displayed is not in the camera roll. so
maybe some sort of weird caching issue?

------
greengarstudios
"there is no indication to the user at all that the camera is in use unless
the app provides its own. There is no permission alert, nor any LED indicator
like a webcam. An app could secretly be recording your face with the iPhone
4′s front-facing camera and sending it to who knows where."

<http://www.bunnyhero.org/2010/08/17/thoughts-on-ios4-camera/>

As a fellow iOS developer, I believe this is true. It's pretty amusing that
there's a guy on the Apple Discussions forum claiming that this is impossible.
Actually, it's very possible.

------
staunch
Could it be some kind of buffer with the previous image data held in memory?

~~~
darren_
This does seem most likely, but the other thing is that this previous image
data is from times when no-one was using the camera. So the question is where
did the previous image data come from?

~~~
Lazlo_Nibble
My first guess at an explanation would be that the camera is actually a self-
contained little image/video engine that's "running" (i.e., capturing images
internally) anytime the phone is powered up, and that under certain
circumstances tickled by FaceTime, polling the camera engine results in a
cached frame getting kicked out of a camera-internal buffer.

Mind you, that's based on absolutely no actual understanding of the hardware,
software or APIs involved.

------
blub
I don't know if this is malware, but I wouldn't be surprised at all.

In fact I'm surprised it isn't happening more often (especially to jailbroken
iPhones and Android devices), it seems that smartphones are a perfect target.

~~~
tjogin
Two reasons: Apple's approval process and the paper trail.

The approval process, while not guaranteed to catch malware, serves as a
deterrent to evildoers because they know that at least _some_ review will be
made of their app, functionally as well as on an API-level.

There is a paper trail from each app to the developer responsible for it. When
your app gets caught, _you_ get caught.

It'd take a _remarkably_ stupid evildoer to develop malware and submit it for
Apple approval. It's less of a hassle and much less risky to be evil using
other traditional channels, with no oversight; like exploiting browser bugs,
building native programs that don't require neither the paper trail or an
approval process (maybe masking as a "driver" or a "plugin" you need to watch
some shady porn or whatever), spam, fraud and other schemes, etc.

For these reasons, it _doesn't_ surprise me that we've seen no malware on iOS.

~~~
blub
I know, that's why I said jailbroken iOS and Android.

* Jailbroken users get their apps from third party sources and there are no more guarantees.

* Android Market doesn't do malware checks (yet), and there was an issue with malware recently.

Still, not even the AppStore is perfect: somone snuck in a tethering app
disguised as a flashlight, if I remember correctly and there was a problem
with a book vendor that was gaming the top lists.

~~~
tjogin
Right, but neither of those hurt users, so not malware without stretching the
definition of the word.

I don't think malware on jailbroken iOS or Android happens much because most
people who jailbreak are technically savvy. Also, they're a relatively tiny
minority.

------
perivamsi
"It's a feature, not a bug"

If they can't build the permissioning around their apps immediately, it will
be a good idea to list the phone resources (camera, voice, speakers, etc) that
an app uses on the app store page.

