
Facebook iOS app has camera active during use - robbya
https://twitter.com/JoshuaMaddux/status/1193434937824702464
======
ProfessorLayton
FB definitely does not deserve the benefit of doubt anymore regarding privacy
issues.

That being said, this feature soon to be called a bug, feels like one of those
things being done in the name of performance. I do not agree with this
solution, however, the startup time for the camera on older iOS devices can be
frustratingly slow. My 6S now on iOS 13 can take several seconds for the
camera to turn on. This is most evident when trying to capture something in
the moment on Snapchat. The stock camera app takes long enough that I often
miss key moments (I plan to upgrade soon, but have not yet committed to losing
my headphone jack).

I’m not at all excusing this, but I can see why they’d try this if they want
their users to post more original content

~~~
cmurf
Whatsapp refuses to function if you don't give it permission to read your
contacts. I want to manually input the numbers I want to message via Whatsapp,
but that isn't an option. Whatsapp wants to collect my entire contacts. My
refusal to grant such permission means I can't use the app, which means
there's no point keeping it around.

~~~
pfranz
I installed Whatsapp for the very first time last week. I feel like there's
additional friction and nagging if you don't give it access to your contacts,
but you can definitely open it and send/receive messages.

~~~
cmurf
Please explain how, in detail? I tap the message button and it asks for
permission to my contacts. I tap deny which only dismisses the permissions
request. I don't get a chat field or any way to manually enter a phone number
to start chatting.

Last time I used Whatsapp, there was no way to chat with someone who was not
in Contacts, on Android. I first had to add each person to Contacts before
Whatsapp would let me chat with them.

~~~
danillonunes
You can continue active chats or respond people who had started a chat with
you, but yeah, you can’t start a new one without the contacts permission.

Maybe you can use a number link
([https://faq.whatsapp.com/en/android/26000030/](https://faq.whatsapp.com/en/android/26000030/))
without the permission, but I’m not sure.

------
dwd
Life imitating art...

\---------------------

If you knew the trouble I had getting an AI to read and duplicate facial
expressions. You know how I cracked it?

I don't know how you did any of this.

Every cell phone, just about, has a microphone, camera and a means to transmit
data. So I turned on every microphone and camera across the entire fucking
planet and I redirected the data through Blue Book. Boom! Limitless resource
of vocal and facial interaction.

You hacked the world's cell phones?

Yeah. And all the manufacturers knew I was doing it, too. But they couldn't
accuse me without admitting they were doing it themselves.

\- Ex Machina (2014)

------
BoorishBears
I have a strong feeling this is a hamfisted attempt to make stories or some
other camera related feature more seamless.

But FB has kind of burned any goodwill anyone had for them, so I can't exactly
be sympathetic if that's the case and they're getting skewered but didn't do
anything nefarious.

~~~
judge2020
I find it a little hard to believe tapping on a profile picture "accidentally"
opens the camera shutter, and behind the main UI nonetheless. Maybe this is an
edge case for their UI tests and human QA didn't catch it?

~~~
easytiger
Have a one plus 7 pro with a pop up camera. There are a number of websites
that seems to invoke the camera. Becomes more viscerally disturbing when it
just pops up out of nowhere.

~~~
aembleton
I found this only happened in Firefox. No other app caused it, so I disabled
the camera permission for Firefox and it's stopped doing it.

Definitely disturbing having it pop out and you know something is trying to
read it.

~~~
extra88
Mobile Firefox doesn't have per-domain camera permissions with the default
being "ask?"

~~~
aembleton
Yes, I think it does; but Firefox still popped the camera up so I blocked it
at the OS level.

------
knzhou
Every week or so there's a new theory that some tech company is constantly
using your phone's microphone or camera and siphoning all the data back to HQ.

Every time the reason is the same: incompetence. Something like this can
result from a single misplaced line of code. On the other hand, no tech
company on Earth wants to have the job of processing a billion extra audio or
video feeds. This would require enormous resources, on the scale of whole
engineering departments, for questionable gain. And it couldn't be secret,
because the _point_ of gathering all that data is to target ads, so
advertisers would have to know about it. The notion that this is intentional
is about as credible as the average conspiracy theory.

(Of course, _selective_ monitoring by the government is perfectly possible --
but we already knew that, and it would be a lot more subtle than this.)

~~~
pembrook
I love hacker news but this is one trigger topic where the community goes a
little crazy.

Your comment is entirely rational and yet it’s been downvoted to the bottom.
Privacy is an extremely important issue, but it’s 100% clear in this case that
Facebook is not doing anything nefarious here.

I’ve got a buddy in growth marketing who tells me any headline inciting
privacy hysteria is a super easy way to game the front page here.

~~~
jesterson
Community goes crazy because community values it's privacy, while big
corporations are exploiting it for obvious reasons.

You are saying FB is not doing anything nefarious here like Cambridge
Analytica never existed. And it's only one thing we know - how many leakages -
or shall we call it deliberate exploitation of personal information - we were
not aware of?

While corporations will continue dealing with private data as they please
without letting us know, those cases will gain attention.

------
greggman2
I really wish the App store rules made it so non camera apps were not allowed
to access the camera and had to ask the OS to present the OS camera. Same for
access to the photos. I wish an app asked the OS for photos and an OS level UI
let the user choose the pictures and only those pictures are provided to the
app. As it is any app that asks for camera access gets too much access and any
app that asks for photo access gets access to all photos. neither of those are
in line with Apple's privacy stance

------
chance_state
I can't wait for the post in the Facebook Newsroom:

"For the last two years, we have been accidentally using your facial reactions
when scrolling past sponsored content in order to more closely tailor your
Facebook experience to you. We've very, very sorry, and we'll disable this
feature in a coming update. As always, your trust and safety are our number
one concern."

------
fingerlocks
Some responses to that tweet point out that this is a UI bug when using the
“Add Story” feature, as certain UI elements can still be seen on the camera
feed.

Looks like a Hanlon’s Razor situation.

~~~
fulafel
Hanlon's razor is conditional to having a low level of paranoia towards the
actor. If your perceived prior probability (in bayesian terms) of villainy is
high, it doesn't apply.

------
oflannabhra
Instagram does screen recordings when a user is in certain portions of the
app. If you swipe to the right and then back again, you will see a small red
indicator in the status bar finish its animation. You can also see this if you
return to the home screen quickly.

I removed camera and microphone privileges from the app when I saw this, which
means I can’t create Stories anymore.

------
jangid
Anyway it was consuming too much of battery (phone's as well as mine). So I
switched to FF browser on iOS. Then after some months I stopped going to FB.

Now I have lots of productive hours.

------
tga
I would love to have a (software) indicator that the camera/microphone are
being accessed, similar to the location services icon. I think that would
already be enough for users to start asking questions and keep abusive use in
check.

------
wtmt
Seeing the Chromium blog post that said it’s going to put a “slow badge” on
some sites based on speed and responsiveness measurements, I’d like to see
Apple put an “usually untrusted” or “deeply untrusted” badge that’s shown
every time the Facebook, FB Messenger, Instagram, WhatsApp and related apps
from that company are opened on Apple made devices. There needs to be a lot
more mass shaming on Facebook the company and it’s endless loop of “oops, it
was a bug, we’re sorry” abominable practices.

~~~
scarface74
In this case it’s simple. When Facebook asks to have access to either your
camera, microphone, or photos library, just say no. You can still use the
photo picker to upload pictures without giving FB access to your library.

~~~
wtmt
Yes, I know that, but most users wouldn’t know or wouldn’t follow that because
it’s inconvenient. But I don’t agree with this solution for this particular
case. It is a good practice in general.

In this instance, nobody would expect that an app that you gave camera or
microphone access to would be recording video or audio without you explicitly
initiating such a recording. Imagine if WhatsApp was found to be recording
audio all the time while you were reading chats or responding to chats in text
just because you gave the microphone permission to it since you use it
occasionally to send voice messages to certain people. Would that be
acceptable, bug or otherwise? Why should one’s reaction be any different for
the Facebook (or any other) app?

What’s happening here is a serious violation of trust and expectations.

~~~
rapnie
Are WA voice and vid calls also e2e encrypted, or only the text msgs you send?

------
Phillips126
And if the claim is true and provable, Facebook ($55 billion revenue 2018)
will probably be fined $1-4 million which will sure "teach them a lesson" to
never be bad again!

Google, Facebook, and others must just have a budget set aside for these
issues - costs of doing business I guess as they profit more than they are
fined.

------
djsumdog
Is it possible to install custom CAs on a jailbroken iOS device and use a man-
in-the-middle proxy? The difference between honest mistake and sinister intent
should be clear if FB is transmitting any of that audio or video data while it
has access to the camera without you knowing.

~~~
dev_dull
This can be done easily and without jail breaking on any iPhone with tools
such as Charles proxy (provided they don’t do certificate pinning). They work
by having you generate, install, and trust a profile which includes a root CA.

------
why-oh-why
If you swipe right on the feed you’ll open the camera. I’m gonna guess this is
a bug related to that.

------
dvhh
Do someone have a solid reproducer ?

[https://reclaimthenet.org/iphone-facebook-camera-access-
bug/](https://reclaimthenet.org/iphone-facebook-camera-access-bug/)

So far it seems to only affect iOS 13.2. for iphone 8 or older devices

------
kahlonel
I don’t know why would anyone install the FB app on their iPhone. The mobile
version is sufficiently good, given the fact that their app doesn’t even
support messaging.

------
jmkni
Can iOS apps use the camera without the user seeing the banner at the top?

I was under the impression that was baked into the OS?

------
SN76477
FB are just no longer trusted by me.

------
Apocryphon
Facebook has somewhere in the ballpark of 800 iOS developers. And fewer than
eight apps.

------
rollulus
iOS has this feature that shows per app a coarse history of its access to
location info; an similar overview for camera access would be useful too.

------
an2911k
I see all the comments and everyone is blaming Facebook. What about Apple? Why
did Apple let such an app through unless Apple was fine with it...

~~~
colejohnson66
Because they didn’t know about it? It’s not a conspiracy.

