A Google security researcher has discovered an alarming loophole in the way iPhone apps are granted access to a user’s smartphone camera.
Security researcher Felix Krause demonstrated how iPhone apps are able to secretly record video and takes photos without the user knowing.
Mr Krause exposed the loophole after creating an app that could take a picture of its user every second and upload them to the cloud without the user knowing.
When you download an app you are normally required to grant it permission to use certain functions or access specific areas of your smartphone. This can and often includes the camera.
However, once the permission has been granted it can access the camera at any time, without ever notifying the user.
In a blog post detailing the loophole, Mr Krause urged Apple to change the way apps are granted access to iPhone cameras.
“Once you take and post one picture or video via a social network app, you grant full access to the camera, and any time the app is running, the app can use the camera,” Mr Krause wrote on his blog.
Unlike on a Mac which displays a green light when the camera is in use, there is no such indication that an app is recording video from an iPhone.
Mr Kraus said that his discovery is not the result of a security flaw but is just how Apple designed its permissions system.
He warned that malicious apps could take advantage of the loophole to spy on users without their knowledge.
He demonstrated the loophole in a video uploaded to YouTube.
Mr Krause said Apple should design a system that allows apps temporary access to the camera or add some kind of warning light or notification which informs users when the iPhone camera is in use.