An iOS bug gives Facebook background access to your iPhone’s camera

A new iOS bug allows the Facebook app to access your iPhone’s camera in the background. Discovered by Joshua Maddux who posted about it on Twitter, the issue keeps the camera active as you scroll normally through your personal feed.

Found a @facebook #security & #privacy issue. When the app is open it actively uses the camera. I found a bug in the app that lets you see the camera open behind your feed. Note that I had the camera pointed at the carpet. pic.twitter.com/B8b9oE1nbl

— Joshua Maddux (@JoshuaMaddux) November 10, 2019

The glitch isn’t apparent at first glance but when you open a picture on the Facebook app and swipe it down to return to the feed, you will notice the camera’s viewfinder is visible on the left edge. Since Maddux brought it to light, several other iOS users have been able to replicate it as well.

Maddux was able to reproduce the bug on five iPhones running iOS 13.2.2 himself and adds it likely doesn’t affect phones on versions before iOS 13. Although that does mean it impacts over half of all active iPhones.

Plus, a bunch of replies to Maddux’s tweets claim they’re able to re-create it on their iOS 12-running iPhones. We’ll have to wait for a comment from Apple or Facebook for more technical details and confirmation.

The issue may be nothing more than a harmless error caused by an iOS 13 API change. Apple’s latest update for iPhones has had an adventurous launch as users continue to unearth new bugs nearly every other week.

Further, we found that it’s not present on Facebook’s Android app.

But to stay safe, it’s best to revoke camera access for the Facebook app on your iPhone. You can do that by heading into the Settings and scrolling down till you come across the Facebook option. Tap Facebook and under AllowFacebook to Access, turn off the switch beside Camera. Depending on when you’re reading this, you can also go into the App Store and check for updates for the Facebook app.

A week ago and like clockwork, Facebook was in the news for another privacy oversight. In a blog post, the company said that about 100 third-party app developers had improper access to personal data of several groups’ members despite the fact that the social network overhauled its APIs to prevent this exact behavior last year.