One of the privacy features of iOS is that apps are required to ask permission if they want to access things like your photos, camera and location. But a Google engineer has created a demo app to show how a rogue app could abuse permissions to surreptitiously photograph you as you use the app – or even livestream video from your front or rear cameras.
The issue, says Felix Krause, is that users are asked to grant blanket permission. There may be a legitimate-seeming reason for an app to request access to your camera, to take a photo within the app, but it is then able to shoot photos and video anytime it is in the foreground without alerting you in any way …
more…
