Facebook app has been secretly accessing users' cameras while they read news feed
By Charlie Duffield
The Facebook app has been secretly accessing users’ iPhone cameras as they scrolled through their news feed.
This occurrence is due to a bug in the latest version of the iOS app. Whilst on Apple computers it is apparent when the camera is recording, on the app there is no indicator to show when the camera is being accessed.
According to Facebook, a bug was accidentally added to the iOS app code during a fix for another issue, but there is no evidence that photos or videos are being sent to servers. An update has been submitted to Apple which should solve the problem.
Until that is enacted, the security flaw can be avoided by simply adjusting the iPhone settings so Facebook cannot see the camera.
Found a @facebook #security & #privacy issue. When the app is open it actively uses the camera. I found a bug in the app that lets you see the camera open behind your feed. Note that I had the camera pointed at the carpet. pic.twitter.com/B8b9oE1nbl
— Joshua Maddux (@JoshuaMaddux) November 10, 2019
The presence of the bug was revealed after users realised the app would sometimes move the entire feed to the right.
Below the main app a new screen could be seen which played video from the phone’s built-in camera. Joshua Maddux, Facebook user and owner of web design firm 95Visual, tweeted a screen recording this weekend showing how his camera would open whilst he scrolled through his social media feed.
Facebook claimed to have accidentally introduced the behaviour in an attempt to fix another bug.
Guy Rosen, VP of Integrity at Facebook, commented on Tuesday: "We recently discovered that version 244 of the Facebook iOS app would incorrectly launch in landscape mode.
“In fixing that issue last week in v246 (launched on 8 November) we inadvertently introduced a bug that caused the app to partially navigate to the camera screen adjacent to News Feed when users tapped on photos.
"We have seen no evidence of photos or videos being uploaded due to this bug. We’re submitting the fix for this to Apple today."
Head of security analytics at the Silicon Valley-based cybersecurity firm Vectra, Chris Morales, believes this bug is nothing to worry about, The Guardian reports.
He said: “This is mostly a harmless bug that allows Facebook to use the camera but it is not a compromise or breach of personal data or privacy.
“The easiest thing to do is for users to disable the use of the camera in the iPhone app settings”.