Hacker News new | past | comments | ask | show | jobs | submit login

That's not "vulnerable to a flaw". You make it sound like there's some sort of security bug or buffer overflow in the OS that lets any app turn on the camera at will.

The "flaw" is that apps you explicitly gave permission to use the camera, can use it! All they've done in P is notice that they can tighten the permission even further so the app has to be in the foreground to use that permission.

The lack of this wasn't a vulnerability though. Mobile operating systems have been implementing finer grained permissions and security through their entire lifespans. For sure that trend will continue. If we spin every improvement to privacy controls as "fixing a vulnerability" it's just a form of crying wolf that will lead people to ignore security updates even more than they already do.






The parent didn't say "vulnerability" in the "security vulnerability" sense. They sad "vulnerable to a flaw", i.e. there is a design flaw and those versions have that design flaw - meaning users of it are vulnerable to apps taking advantage of that design flaw. I'd say it leaves users "vulnerable", and it's definitely a "flaw". It may be an API working as intended - but that doesn't mean it isn't flawed to the point of being embarrassing.



Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: