* They would need to visit a website using webrtc
* Grant Firefox the Android camera/microphone permissions
* They would then be prompted to allow the website access to the camera and microphone
* For this to be a persistent problem the user would need to check a box that says "Remember my decision for this site" this is unchecked by default in the above dialog
As comments here and in the bug there are cases where leaving the camera active is useful so this is not as cut and dry as the title leads you to believe.
I think that depends on whether you interpret the comment as trying to mitigate the perceived magnitude of the issue, or provide clear and concise information on what the issue entails.
I read it more as a "here's what the preconditions are, and there's some question as to whether the issue is actually a bug or not", and not "you have to do this for it to be a problem, so it's less bad than you think", so the wording didn't seem problematic at all to me.
Consider that I might want to record an encounter with law enforcement on the sly, and also want to keep my phone locked to make it harder to tamper with if it's seized.
Regardless, an app like Firefox should not be doing this, or even offer it as an option. There are certainly legitimate use cases even for Firefox, but I think with a web browser there's too much possibility for abuse and security/privacy issues to make it worth it.
I disagree with the permission part, I hate how everyone's solution to any problem is to just add a toggle or another level of complexity to the app.
But the solution to the first part is easy and something that already exists all over Android. Simply have a persistent notification saying "The camera is currently active" which can't be dismissed until the camera is turned off. This is used in newer version of Android for any background task doing non-trivial work, really.
Why shouldn't I be able to use a website called imgettingpulledover.com on Firefox instead of an app to do the same thing that you just described?
EDIT: posted this before the edit, edited version makes sense.
If there's not, the app looses access to the camera while the app is backgrounded/the phone is locked.
One feature that’s been in the iPad for a few years and coming to the iPhone in the fall is picture in picture where a video call doesn’t take up the entire screen and as long as PIP is enabled, you can have your video call minimized and do something else.
Unfortunately, I doubt Android will ever be able to rely on a separate visual indicator of recording, since that's another hardware component and probably hard (if not impossible) for Android to enforce.
You might argue about a video surveillance app which you install and which you explicitly grant the permission of filming while the lock screen is on, for example with an old device which you want to use as a security camera, but that is a completely different use case.
For these reasons and I'm sure many more, it should not be surprising that the geek-, security-, and privacy-oriented HN crowd has more positive assumptions about Mozilla than Google.
> videoinput: id = csO9c0YpAf274OuCPUA53CNE0YHlIr2yXCi+SqfBZZ8=
> audioinput: id = RKxXByjnabbADGQNNZqLVLdmXlS0YkETYCIbg+XxnvM=
> audioinput: id = r2/xw1xUPIyZunfV1lGrKOma5wTOvCkWfZ368XCndm0=
and if the user has allowed access to the camera/mic
> videoinput: FaceTime HD Camera (Built-in) id=csO9c0YpAf274OuCPUA53CNE0YHlIr2yXCi+SqfBZZ8=
> audioinput: default (Built-in Microphone) id=RKxXByjnabbADGQNNZqLVLdmXlS0YkETYCIbg+XxnvM=
> audioinput: Built-in Microphone id=r2/xw1xUPIyZunfV1lGrKOma5wTOvCkWfZ368XCndm0=
Disappointing state of affairs overall.
the site I used to test: https://browserleaks.com/webrtc
That's how modern fingerprinting tends to work. A few bits here, a few bits there, all combined.
My telco uses a heavily obfuscated script where all the variables are just a bunch of hex that uses every conceivable fingerprint technique in the book.
Shockwave Flash, remote fonts, WebRTC, Silverlight, vector graphics, HTML5 cookies, hardware fingerprinting etc.
WhatsApp, FaceTime, and Zoom do this but they will pause video while in the background.
Personally I would be annoyed if calls were killed while swapping to other apps.
The Jitsi team is pretty responsive on GitHub, and this sounds like the kind of issue that might be a good self-contained task for someone to work on.
Web browser shouldn't be doing it tho.
By the way: You might want to try recording something while walking around with your phone in your pocket. My guess is that your clothing will muffle sound. Any movement will cause fabric to rub against the phone, drowning out the sound you actually want to record. Even if your tactic did work, I'm not sure it would have captured much of the conversation.
Many android phones detect being in pocket and lock screen automatically to prevent accidental touches.
An app which requests the appropriate permissions and gets them granted is really welcome to display this behavior, but not a web browser.
Through the Android permissions system, I can block Firefox accessing my camera or microphone. I do sometimes want Firefox to have access to those things, so I temporarily allow the permissions.
At the same time, there's the desire to know that when your phone is not in active use (i.e. locked) it's not recording you.
I think this is a textbook case of where our expectations are contextual, and conflicting. A naive adherence to one expectation or the other will leave people unhappy. Perhaps then, a less naive behavior (prompting on lock, a visual indicator of any recording, etc) is sufficient.
Because part of this has to do with security/privacy and at the device level, this is really something Android needs to tackle. None of the solutions I proposed are really appropriate for an application, since that would imply an application has control over them, and they are useful only if an application can't change them so you can have assurance they work as expected.
This is less an issue of trusting Firefox, which I do (for the most part, but it does have a large security surface to be aware of since it runs remote code), and more an issue of trusting something like Zoom or Tik Tok, which I don't really.
When not in use neither the mic nor the camera would get power and the leds tied to the same power connection. If they're on, you know they're on.
Yeah for "ok google" or whatever service it would be on all the time, but you'd know.
A physical switch to cut power would be nice too.
I know there are likely some software complications such as checking 'hey does the camera work / is it there' but maybe that's more of a symptom of a problem.
On Android you have the pop-up phones of course! Sadly they are super heavy... I was checking the Poco F2 last weekend and it's > 200 grams which is really a lot. Great for privacy though (and I really don't care about the front cam much anyway).
I wouldn't be surprised if this feature came to Big Sur too though! But the current beta doesn't have it.
On the subject, I would really prefer this to be an option as well, even with the default being not the current default, however I see that there is a general trend of removing a lot of fine tuning knobs in apps (android or otherwise) in the sake of reducing complexity for the end-user.
What about a voice calling app that doesn't have video calling support?
What about a sound recorder, voice recorder, music capture or PTT/walkie-talkie app?
What about something like Shazam?
I have great* confidence the camera is off when, after hitting the home key, I actually see the permissions for the app switch off.
I lately started to use Appwarden  to check some apps, and I'm amazed how messed up the App ecosystem is in terms of advertising trackers and abusive CDNs - even if you use only AOSP builds, no gapps, and only f-droid, you can get compromised very easily.
I remember that at some point it was possible to open a Youtube video in Firefox for Android, lock the screen, and it kept on playing. It was great for some podcast-like / talking channels.
Then either Firefox changed or Youtube cracked down on this.
You can keep it from pausing by requesting the desktop site in Firefox. The mobile site pauses, the desktop site just keeps playing.
I don't think the websites cares much, at least it didn't for me and I tested it with a music video (something Youtube usually doesn't like you playing in the background without a subscription). Your phone's settings and optimizations are a more likely culprit, in my opinion.
Imagine you are recording a video, and you turn of the screen to save power - why would you expect it to stop recording?
I absolutely want the Jitsi call to continue in the background while I quickly look up something in the calendar.
Though I have to admit I didn't try. I've only used it on the PC and Mac. I love Jitsi though, for some reason it's sooo much smoother video than MS Teams. Really adds a lot to the communication. I wish I could use it for work, but there it's Microsoft or nothing :P
The OS should block new uses of the camera if it's locked (sort of - face unlock obviously needs an exception), but killing existing ones seems rather aggressive and would create a new form of user hostility in relatively common situations.
For video I agree it doesn't make much sense, but in a web app world if you're recording video you may want to turn off the screen or do other things just like a computer. It should at least show you in the notification area.