iPhone owners, beware. It appears Facebook might be actively using your camera without your knowledge while you’re scrolling your feed.
The issue has come to light after a user going by the name Joshua Maddux took to Twitter to report the unusual behavior, which occurs in the Facebook app for iOS. In footage he shared, you can see his camera actively working in the background as he scrolls through his feed.
The problem becomes evident due to a bug that shows the camera feed in a tiny sliver on the left side of your screen, when you open a photo in the app and swipe down. TNW has since been able to independently reproduce the issue.
Here’s what this looks like:
Found a @facebook#security & #privacy issue. When the app is open it actively uses the camera. I found a bug in the app that lets you see the camera open behind your feed. Note that I had the camera pointed at the carpet. pic.twitter.com/B8b9oE1nbl
— Joshua Maddux (@JoshuaMaddux) November 10, 2019
Maddux adds he found the same issue on five iPhone devices running iOS 13.2.2, but was unable to reproduce it on iOS 12. “I will note that iPhones running iOS 12 don’t show the camera (not to say that it’s not being used),” he said.
The findings are consistent with our own attempts. While iPhones running iOS 13.2.2 indeed show the camera actively working in the background, the issue doesn’t appear to affect iOS 13.1.3. We further noticed the issue only occurs if you have given the Facebook app access to your camera. If not, it appears the Facebook app tries to access it, but iOS blocks the attempt.
It remains unclear if this is expected behavior or simply a bug in the software for iOS (we all know what Facebook will say; spoiler: “Muh, duh, guh, it’s a bug. We sorry.”). For what it’s worth, we’ve been unable to reproduce the issue on Android (version 10, used on Google Pixel 4).
Whatever the reason for it, though, this behavior is particularly concerning — especially considering Facebook‘s atrocious track record when it comes to user privacy (remember Cambrdige Analytica?).
By now, everyone should be well aware that any iOS app that has been granted access to your camera can secretly record you. Back in 2017, researcher Felix Krause spoke to TNW about the same issue.
At the time, the researcher noted one way to deal with this privacy concern is to revoke camera access (though that arguably doesn’t make for a smooth software experience). Another thing he suggested is covering up your camera — like former FBI director James Comey and Facebook‘s own emperor Mark Zuckerberg do. Learn from the pros I guess.
We’ve reached out to Facebook for further comment, and will update this piece accordingly if we hear back.
Update November 13, 7:20AM UTC: Facebook has confirmed the issue, calling it a bug (who would’ve guessed, right?).
“We recently discovered our iOS app incorrectly launched in landscape. In fixing that last week in v246 we inadvertently introduced a bug where the app partially navigates to the camera screen when a photo is tapped,” Facebook VP of Integrity Guy Rosen tweeted. “We have no evidence of photos/videos uploaded due to this.”
So, at least that.
In the meantime, Rosen says Facebook is submitting a fix to the App Store.