Facebook Accused Of Secretly Accessing Your iPhone's Camera In Epic Security Facepalm
There is apparently a "bug" in the current version of the Facebook app for iOS that results in some pretty atypical behavior. According to Joshua Maddux, who first discovered the oddity and posted video evidence to Twitter, the Facebook app is actively querying the iPhone's camera in the background when scrolling through the News Feed.
If you have an iPhone, and have given the app access to your camera, you should be able to duplicate Maddox's findings. It's reported that the issue is present in iOS 13.2.2 (the latest public release of iOS), but some users are said to be experiencing problems with prior releases.
Found a @facebook #security & #privacy issue. When the app is open it actively uses the camera. I found a bug in the app that lets you see the camera open behind your feed. Note that I had the camera pointed at the carpet. pic.twitter.com/B8b9oE1nbl— Joshua Maddux (@JoshuaMaddux) November 10, 2019
The Next Web says that it was able to verify the existence of the bug with their own iPhones running iOS 13.2.2, but we were unable to replicate the issue with our in-house (and up-to-date) iPhones. Regardless of the reach of this current bug, it's a pretty serious privacy "fail" for Facebook to be accessing your camera in the app when you didn't specifically ask it to. Facebook should only be calling to the camera is you are attempting to capture a photograph or a video using the app; it shouldn't be activating when you are simply navigating through the UI.
Given the epic privacy breach that occurred at the hands of Cambridge Analytica, Facebook doesn't need another high-profile mishap to drag its name through the mud. As TNW reports, "It remains unclear if this is expected behavior or simply a bug in the software for iOS (we all know what Facebook will say; spoiler: “Muh, duh, guh, it’s a bug. We sorry.”)."
We surely hope that this is a bug, because even a company like Facebook with a spotty track record with respect to privacy and security isn't this brazen to pull a stunt like this on purpose... or at least hope they aren't.