A newly discovered bug shows the Facebook app using the iPhone’s rear camera while users consume content in the app. It’s unclear whether the bug is being caused by Apple or Facebook.
The bug has been documented by several Twitter users and appears to be triggered when opening photos and videos in the Facebook iOS app and then closing them. Once the photos or videos are opened and closed, the Facebook app can be seen using the rear iPhone camera.
Click here to display content from X.
Learn more in X’s privacy policy.
Click here to display content from X.
Learn more in X’s privacy policy.
Click here to display content from X.
Learn more in X’s privacy policy.
Joshua Maddux said he has confirmed the bug across five different iPhones running iOS 13.2.2. He added that iPhones running iOS 12 don’t show the camera.
Click here to display content from X.
Learn more in X’s privacy policy.
Uninstalling and reinstalling the app does nothing to fix the bug according to Maddux. However, based on Maddux’s tests, turning off camera access in an iPhone’s settings shows a black area where Facebook is attempting to use the camera.
While the bug only appears to be affecting users that have allowed Facebook to access the camera in their iPhone’s settings, most users grant these permissions under the assumption that the camera will be used to perform camera-centric functions such as taking photos or recording videos.
Even though users can see the camera on-screen, this doesn’t mean the Facebook app can access audio or visual data. However, several users who noticed the bug were alarmed by the discovery.
Click here to display content from X.
Learn more in X’s privacy policy.
Click here to display content from X.
Learn more in X’s privacy policy.
Click here to display content from X.
Learn more in X’s privacy policy.
Click here to display content from X.
Learn more in X’s privacy policy.
This isn’t the only recent privacy issue that has affected Facebook over the last few days. A recently discovered vulnerability in Facebook’s block function showed that it leaks identity information to users who have been blocked and reduces the privacy protections associated with this function.
Update – November 13, 2019: Facebook says it has fixed the bug.