Facebook is misusing the camera on the iPhone, with the app turning it on while users view their feed for reasons unknown.
The way the iOS Facebook app mismanages the iPhone's camera has been uncovered, one which may be a privacy risk. The app is shown to be using the camera on the iPhone while the user is browsing the app, even if they are not actively taking a photograph or performing some other task with any of the imaging sensors.
Posted to Twitter by Joshua Maddux and reported by The Next Web, opening a photo in the iOS app and swiping down will show a sliver of a live camera feed on the left-hand side of the display. Maddux has been able to reproduce the problem on five different iPhones running iOS 13.2.2, with the issue successfully reproduced by others.
Found a @facebook #security & #privacy issue. When the app is open it actively uses the camera. I found a bug in the app that lets you see the camera open behind your feed. Note that I had the camera pointed at the carpet. pic.twitter.com/B8b9oE1nbl
-- Joshua Maddux (@JoshuaMaddux) November 10, 2019
While a potential issue, the camera only appears in this way if the iPhone is running iOS 13.2.2, as earlier iOS releases were unaffected. It also seems to only occur if the user has previously given Facebook permission to use the cameras, as otherwise it is blocked by the operating system.
Facebook has yet to comment about the discovery, but given the limited circumstances for it to manifest, it is likely the social network will play it off as a bug. It is plausible for Facebook to argue it needs to preemptively access the camera so it can be immediately available when the user actually needs it, rather than waiting for the camera to load.
While the situation may be innocent in nature, privacy critics of Facebook may consider it to be a more sinister issue.
In October 2017, it was demonstrated a malicious iOS app could feasibly spy on the user by recording from both front and rear iPhone cameras without their knowledge while they performed other functions in the app. The proof-of-concept app did require users to accept the request for camera access, but the concept app was constructed primarily to see how far the granted permissions could be pushed.
Facebook is also still recovering from the Cambridge Analytica scandal that cost it $5 billion and changes to its operation to make it more accountable for privacy-related decisions.