iOS Apps with Camera Access Can Secretly Take Photos and Videos

Felix Krause, the developer and creator of fastlane.tools, recently warned about the dangers of fake dialog boxes in iOS that closely resemble system password prompts from iCloud, iTunes, or GameCenter. Now, Krause has discovered another concerning feature in iOS. It turns out that any app with access to a device’s camera can take photos and videos, potentially without the user’s knowledge.

The researcher explains that this is not a bug—this behavior is what allows spy apps like Stealth Cam and Easy Calc — Camera Eye to exist. Krause is seriously concerned, as most users don’t remember which permissions they’ve granted to which apps. Many apps request camera access immediately after installation, for example, to set up a profile picture.

“Most people have no idea this is possible. They think the camera is only used when they’re actively using it and see the LED blinking,” says Krause. “Messengers or news feed apps can easily track a user’s face, take photos, or transmit images from the front and rear cameras outside the device, all without the user’s consent.”

Krause notes that in the latest version of iOS, apps can also automatically detect when a second person appears in the frame, activate the facial recognition toolkit, monitor the user’s mood while using the app, and more. As a proof of concept, the researcher presented an app called watch.user, which takes photos of the user’s face while they simply scroll through their feed.

The researcher writes that the only truly reliable way to protect yourself from such surveillance is to physically cover your camera lenses. He also recommends revoking camera permissions for third-party apps and using only the built-in camera app for taking photos and videos. Krause advises Apple developers to add a clear LED indicator for camera use and to introduce one-time permissions for apps.