A new bug on Facebook for iOS allows the app to secretly record through iPhone camera in the background, as users scroll through their personal feed, reports The Next Web.
Discovered and posted by Joshua Maddux on Twitter, the issue secretly activates users’ iPhone camera without their permission while they scroll through their Facebook feeds via the app. The bug keeps the camera active even if the users are not taking or looking at a photograph on the social network or doing some other task with any of the imaging sensors.
Found a @facebook #security & #privacy issue. When the app is open it actively uses the camera. I found a bug in the app that lets you see the camera open behind your feed. Note that I had the camera pointed at the carpet. pic.twitter.com/B8b9oE1nbl
— Joshua Maddux (@JoshuaMaddux) November 10, 2019
Similar unusual behavior was noticed by a number of users who posted videos online demonstrating it.
I take the phone back out, but there’s no indication on the lock screen to say audio or video was playing. I unlock the phone, and there’s the video on @Instagram playing away.
— Neo QA (@neo_qa) November 2, 2019
Facebook app on iOS 13.2.2 opens my phone’s rear camera when I open a profile photo swipe down to return (look at the little slit on the left of the video). Is this an app bug or an iOS bug?? @facebook @AppleSupport pic.twitter.com/WlhSXZulqx
— Daryl Lasafin (@dzlasafin) November 10, 2019
As one can see from above, the rear camera is turned on as the user scrolls through the feed. Below the main app, a different screen can be seen that shows a video from the phone’s built-in camera.
Maddux claimed that he tested and was able to reproduce the bug on at least five different iPhones running iOS 13.2.2, which is the latest iOS version. However, the issue was not found to be present on devices running iOS 13.1.3.
Likewise, none of the Android users of Facebook app have noticed or complained about a similar flaw, which means that the bug only affects some iOS users of Facebook app.
Commenting on the bug, Facebook’s VP of integrity Guy Rosen responded via Twitter, saying: “Thanks for flagging this. This sounds like a bug, we are looking into it.”
In an another tweet, Rosen said they have already submitted a fix for the bug to Apple and are waiting for approval.
“We recently discovered that version 244 of the Facebook iOS app would incorrectly launch in landscape mode. In fixing that issue last week in v246 (launched on November 8th) we inadvertently introduced a bug that caused the app to partially navigate to the camera screen adjacent to News Feed when users tapped on photos. We have seen no evidence of photos or videos being uploaded due to this bug. We’re submitting the fix for this to Apple today.
It’s unclear when the updated Facebook app will be made available to iOS users. Meanwhile, it is recommended to revoke Facebook’s access to the camera until the problem is fixed. You can do this by going to Settings and heading to Facebook option. Tap Facebook and under Allow Facebook to Access, turn off the switch beside Camera.
The news comes less than a week after Facebook disclosed that roughly 100 app developers were given unauthorized access to users’ data in certain Facebook groups over the last 18 months, which included information such as their profile pictures, names, and more.
