A Twitter user @JoshuaMaddux has been making rounds in the news after he spotted Facebook’s iPhone app using the device’s camera when not required. His tweet was picked up by TNW, who were able to reproduce the issue on their iPhone.
Found a @facebook #security & #privacy issue. When the app is open it actively uses the camera. I found a bug in the app that lets you see the camera open behind your feed. Note that I had the camera pointed at the carpet. pic.twitter.com/B8b9oE1nbl
— Joshua Maddux (@JoshuaMaddux) November 10, 2019
Joshua notes that the bug “lets you see the camera open behind your feed.” The said issue specifically comes up when someone closes a photo or video in their feed on iPhones (mostly running iOS 13.2.2) by swiping down.
Things are normal on devices with lower iOS versions, including 13.1.3 and iOS 12, he said after testing five iPhones. However, a user @custard_guts claims to have reproduced it on his iPhone 8 running iOS 13.1.3.
In most cases, the Facebook app already has permission to access the device’s camera and microphone. So, using the same whenever it wants shouldn’t be a problem.
But the said issue can’t be reproduced on devices where these permissions have been revoked. In such a situation, the area where the camera footage is present appears black.
While trying to reproduce the issue on my iPhone SE running iOS 13.2.2, I could find only the black area instead of the camera footage. This happened even after I specifically enabled the camera and mic permissions.
So, Facebook is spying on us?
Now, at first, this looks like some privacy concern on the part of Facebook that is allegedly trying to slurp video footage off users’ iPhones, possibly to capture their reactions while looking at photos. But giving it a second thought makes us realize that it could merely be a careless coding slip.
As noted by some users, the camera thing seems to be the “Add Story” interface taking a peek because of misalignment in the UI. According to the user @Will Hackett, it could be “the swipe action preparing the camera so that it’s available quickly.” He suggests using mitmproxy to intercept the traffic for further investigation.
It still can’t be said whether it is a bug or a feature. But surely it has triggered privacy talks, jokes, and leg-pulling on social media. If it actually is a spying thing, then Facebook has failed us real bad.