Multiple iPhone users have reportedly come forward on social media complaining that the Facebook app secretly activates their smartphone's camera in the background while they scroll through their Facebook feeds or look at photos on the social network.
As shown in the Twitter videos below, when users tap an image or video on the social network to view it full screen and then return it to normal, an issue with the Facebook app for iOS shifts the app slightly to the right.
This opens a space on the left through which users can see the iPhone's camera activated in the background.
However, at this moment, it's not clear whether it's just a UI bug where the Facebook app incorrectly accesses only the camera interface, or whether it also records or uploads something, which, if proven right, would be the most disastrous moment in Facebook's history.
Found a @facebook #security & #privacy issue. When the app is open it actively uses the camera. I found a bug in the app that lets you see the camera open behind your feed. Note that I had the camera pointed at the carpet. pic.twitter.com/B8b9oE1nbl— Joshua Maddux (@JoshuaMaddux) November 10, 2019
The issue immediately got the attention of other Facebook users. Many of them tried reproducing the issue but failed, which likely suggests the buggy software update has not been rolled out to everyone worldwide and might affect only a fraction of Facebook users.
The Hacker News was also not able to independently reproduce the bug and, thus, cannot verify the authenticity, extent and severity of the issue.
Joshua Maddux, one of the users who discovered this bug, claimed that he tested and was able to replicate it on at least 5 different iPhones running iOS 13.2.2, which is the latest iOS version.
"I will note that iPhones running iOS 12 don't show the camera but not to say that it's not being used," Maddux said.
Facebook app on iOS 13.2.2 opens my phone's rear camera when I open a profile photo swipe down to return (look at the little slit on the left of the video). Is this an app bug or an iOS bug?? @facebook @AppleSupport pic.twitter.com/WlhSXZulqx— Daryl Lasafin (@dzlasafin) November 10, 2019
Some users also tested the issue after revoking camera permissions from Facebook, and they found that the background space was just a black screen in that case.
Since none of the Android users has yet noticed or complained about a similar flaw in Facebook, it seems like the bug only affects some Facebook for iOS users.
The news came less than a week after Facebook admitted that roughly 100 app developers might have improperly accessed its users' data in certain Facebook groups, including their names and profile pictures.
We've reached out to Facebook for more information, and if we hear back from them, we'll update this post.
Update - It's a bug, Facebook confirmed!
A Facebook spokesperson confirmed to The Hacker News that it's indeed a bug, saying:
"We recently discovered that version 244 of the Facebook iOS app would incorrectly launch in landscape mode. In fixing that issue last week in v246 (launched on November 8th) we inadvertently introduced a bug that caused the app to partially navigate to the camera screen adjacent to News Feed when users tapped on photos. We have seen no evidence of photos or videos being uploaded due to this bug. We're submitting the fix for this to Apple today."
"Triggering this bug activated the camera preview, and once triggered, the preview remained active until you tapped elsewhere in the app. At no point was the preview content stored by the app or uploaded to our servers," Guy Rosen, VP Integrity at Facebook, said.
"We've confirmed that we didn't upload anything to FB due to this bug and that the camera didn't capture anything since it was in preview mode. We've submitted a fixed version to the App Store which is already rolling out."