All Devices Can apps take photos of you, send microphone audio, etc.?

Silly John Fatty · May 18, 2020

So I basically give no access to my camera roll, microphone or camera to any apps except preinstalled Apps by Apple, like Safari and so on. I recently read that if you have enabled access to some of these features, those apps can basically secretly record you, take pictures of you, etc. Is that true?

A lot of apps don't have the option that only allows the use of the feature when the app is being used, most of the time it's "never" or "always" or something like that.

So let's assume you have Shazam installed, and it needs access to your microphone, and it needs it all the time. Does that mean it is allowed to secretly record you and upload these recordings to their servers? What about apps that have access to your camera? Can they just take photos or videos of you and upload them to their servers? And finally, what about your photos? When an app can read your camera roll library, does that mean it can just sort of check out what's there (analyse meta data for example) or can it literally upload these photos somewhere?

All of that sounds terrible if you ask me.

BrianBaughn · May 18, 2020

You can probably find out more if you look at user agreements/terms or visit the website of the apps concerned, if there is one.

Let us know what you find out!

casperes1996 · May 18, 2020

It's not really a straight yes or no here.

Let me start with the reassuring part.
No matter what permissions you give an app, there's something called the "lifecycle" of an app. When an app goes to the background, it will be informed by the operating system that it's entered the background, which can be seen as a request to save what needs to be saved in case it doesn't come back. It has limited CPU time while in this state, and if it doesn't finish all its tasks before this limit is reached, the OS will just stop it. - This means that if the app decides to take pictures of you in the background, it will eventually be killed off. - But there are some exceptions to this rule since some tasks are of course fine to be performed in the background. For example, if the user is listening to audio, you wouldn't want that app to be stopped in the background. - In the past, Facebook has abused this by having basically silent audio being played to be kept alive for user tracking.
Apple has since tightened the restrictions however. To have a task run for longer in the background than the normal limit it needs to fall into certain categories that you register for, and your permissions will be limited depending on what category you register for.
But honestly, if you're worried an app might upload audio and video of you to some server in the background - why wouldn't the app just be doing the same thing in the foreground? If you give it camera permission, it can definitely do it in the foreground.

Unless it's an app made by Facebook or Google though, why bother and where would you store it all? It's not like the rest of us have petabyte data centres for spying on people.

KALLT · May 18, 2020

casperes1996 said:
No matter what permissions you give an app, there's something called the "lifecycle" of an app. When an app goes to the background, it will be informed by the operating system that it's entered the background, which can be seen as a request to save what needs to be saved in case it doesn't come back. It has limited CPU time while in this state, and if it doesn't finish all its tasks before this limit is reached, the OS will just stop it. - This means that if the app decides to take pictures of you in the background, it will eventually be killed off. - But there are some exceptions to this rule since some tasks are of course fine to be performed in the background. For example, if the user is listening to audio, you wouldn't want that app to be stopped in the background. - In the past, Facebook has abused this by having basically silent audio being played to be kept alive for user tracking.
Apple has since tightened the restrictions however. To have a task run for longer in the background than the normal limit it needs to fall into certain categories that you register for, and your permissions will be limited depending on what category you register for.

That is only half the story though. Suspended apps can wake up in background state without the user knowing, such as by app refresh, background notification, responding to VoIP calls, location alerts (if the option ‘Always’ is enabled) and perhaps others. Some of these permissions are not controllable by the user; some are enabled by default (e.g. app refresh). The salient question is: can apps access the microphone or the camera within the background state? And if so, is this visible to the user (e.g. a red bar at the top). I do not know the answer, I have never experimented with the two hardware APIs.

casperes1996 · May 18, 2020

KALLT said:
That is only half the story though. Suspended apps can wake up in background state without the user knowing, such as by app refresh, background notification, responding to VoIP calls, location alerts (if the option ‘Always’ is enabled) and perhaps others. Some of these permissions are not controllable by the user; some are enabled by default (e.g. app refresh). The salient question is: can apps access the microphone or the camera within the background state? And if so, is this visible to the user (e.g. a red bar at the top). I do not know the answer, I have never experimented with the two hardware APIs.

Correct; Just didn't want to dig too deep for that post, but you are correct. - I haven't experimented with it either to be honest, but in any case it kinda boils back down to what I wrote in my original post; Whether the app can do it in the background or not, if they want to do it, they're probably doing it in the foreground, which would be much easier and of equal concern I'd say.

McScooby · May 18, 2020

Jardins de Vin said:
So I basically give no access to my camera roll, microphone or camera to any apps except preinstalled Apps by Apple, like Safari and so on. I recently read that if you have enabled access to some of these features, those apps can basically secretly record you, take pictures of you, etc. Is that true?

A lot of apps don't have the option that only allows the use of the feature when the app is being used, most of the time it's "never" or "always" or something like that.

So let's assume you have Shazam installed, and it needs access to your microphone, and it needs it all the time. Does that mean it is allowed to secretly record you and upload these recordings to their servers? What about apps that have access to your camera? Can they just take photos or videos of you and upload them to their servers? And finally, what about your photos? When an app can read your camera roll library, does that mean it can just sort of check out what's there (analyse meta data for example) or can it literally upload these photos somewhere?

All of that sounds terrible if you ask me.

Apple own Shazam, wouldn't worry too much there!

pw5a29 · May 18, 2020

I'm pretty sure instagram is voice recording me while I'm scrolling through the feed

4492865 · May 19, 2020

casperes1996 said:
Correct; Just didn't want to dig too deep for that post, but you are correct. - I haven't experimented with it either to be honest, but in any case it kinda boils back down to what I wrote in my original post; Whether the app can do it in the background or not, if they want to do it, they're probably doing it in the foreground, which would be much easier and of equal concern I'd say.

Some actions give visual clues though like a red or blue status bar for video and voice recording... but not all. But I don’t know if that’s also true when woken up for background refresh. Interesting to know. I’m sure some of the evil tech companies have already tried it.

Aston441 · May 19, 2020

Facebook app did this a few years ago. Someone caught them so they stopped. Supposedly.

Silly John Fatty · May 19, 2020

I have read that since iOS 7 apps can run the mic, camera, read your photos etc. in the background without notification. Yes, not all of us have petabytes available to store such data, but when you developed an app and the sole purpose of the app - even if seems different from the outside - is just to sell that data and make tons of money with it, you can afford those petabytes, trust me. The big majority of apps work that way. And huge companies that buy our data are their clients, and there's not a shortage of these companies. Just look at the list of companies Macrumors sells our data to (you can see this list when it asks you to accept or deny cookies):

All Devices Can apps take photos of you, send microphone audio, etc.?

macrumors 68000

macrumors G4

macrumors 604

macrumors 603

macrumors 604

macrumors 65816

macrumors 6502

Cancelled

macrumors 68030

macrumors 68000

Our Staff