[HN Gopher] Firefox Android: Camera remains active even when the... ___________________________________________________________________ Firefox Android: Camera remains active even when the phone is locked Author : kkm Score : 96 points Date : 2020-07-07 18:52 UTC (4 hours ago) (HTM) web link (bugzilla.mozilla.org) (TXT) w3m dump (bugzilla.mozilla.org) | coronadisaster wrote: | wow that is really bad, I am increasingly loosing fate in Firefox | and I have been using it since v1.0 | GekkePrutser wrote: | I'm sure this wasn't intentional though. It doesn't even | benefit them in any way. It's not as if they were doing it to | steal information. It's just a bug, at least it's known now and | they'll fix it. | coronadisaster wrote: | assuming the NSA isn't behind it and cutting them a check | jacquesm wrote: | That's well into tinfoil hat territory unless you have some | proof of this. | coronadisaster wrote: | very true, but is there even a way to even know how much | money they get from the government? | techntoke wrote: | It is only a year old. I mean how high of a priority can it be to | not send your camera when your phone is locked or when you send | the app to the background? | ed25519FUUU wrote: | Furthermore, how does the OS even make this possible? | [deleted] | techntoke wrote: | Well for music, people may want to continue listening to | music when their phones are off or the app is in the | background. | | For video I agree it doesn't make much sense, but in a web | app world if you're recording video you may want to turn off | the screen or do other things just like a computer. It should | at least show you in the notification area. | disiplus wrote: | i can think a scenario where the phone is acting as a sort | of security camera. or you are using it as a replacement | for web cam when you stream from your pc. etc. but i agree | most of those are edge cases. | TeMPOraL wrote: | It's not as much of an edge case; spare (particularly, | old) phones and tablets are used as DIY home security | systems, baby monitors, etc. | AnthonyMouse wrote: | And even edge cases should be supported. Maybe the | default in Firefox should be to disable the camera when | you lock your phone, but then it should have a setting to | do otherwise, and it certainly shouldn't be rendered | impossible by the OS (rather than, say, having a separate | permission). | jhoechtl wrote: | Heck even for video. Google is hammering youtube pro down | my throat for the benefit of continuing pkaying while | backgrounded | kllrnohj wrote: | Accidentally bumping the power button shouldn't kill a video | I'm taking or a video conference I'm in. | | The OS should block _new_ uses of the camera if it 's locked | (sort of - face unlock obviously needs an exception), but | killing existing ones seems rather aggressive and would | create a new form of user hostility in relatively common | situations. | morsch wrote: | > to the background | | I absolutely want the Jitsi call to continue in the background | while I quickly look up something in the calendar. | GekkePrutser wrote: | True but there's an app for that (that probably works better | than doing it in the browser). Though I have to admit I | didn't try. I've only used it on the PC and Mac. I love Jitsi | though, for some reason it's sooo much smoother video than MS | Teams. Really adds a lot to the communication. I wish I could | use it for work, but there it's Microsoft or nothing :P | dvno42 wrote: | Only somewhat related but I have a phone where the front camera | mechanically pops up when it's used. I've noticed that by | default, when I visit many websites, without notification the | camera pops up and down quickly. After every Firefox update, I | have to go into android settings and deny camera permissions. | I've just assumed a page attempts to access the camera via JS but | I'm not sure, it could also just be a bug in FF. | smnrchrds wrote: | What phone do you use? | dvno42 wrote: | OnePlus 7 Pro | JshWright wrote: | Same here, with the same observed behavior. | monocasa wrote: | I think a bunch of websites try to access the camera's metadata | as a part of a fingerprinting mechanism. That's probably what | you're seeing. | amoshi wrote: | I thought so too, Xiaomi Mi 9T here with a popup camera | mechanism. But then again, wouldn't the website have to ask | for camera permissions? Or is there some permission-less | approach like the one for evaluating MIDI devices which is | used for fingerprinting? | kbrosnan wrote: | Yes this is ad network fingerpriting using | navigator.mediaDevices.enumerateDevices(). [1] When called | without permission it would return something like | | > videoinput: id = | csO9c0YpAf274OuCPUA53CNE0YHlIr2yXCi+SqfBZZ8= | | > audioinput: id = | RKxXByjnabbADGQNNZqLVLdmXlS0YkETYCIbg+XxnvM= | | > audioinput: id = | r2/xw1xUPIyZunfV1lGrKOma5wTOvCkWfZ368XCndm0= | | and if the user has allowed access to the camera/mic | | > videoinput: FaceTime HD Camera (Built-in) | id=csO9c0YpAf274OuCPUA53CNE0YHlIr2yXCi+SqfBZZ8= | | > audioinput: default (Built-in Microphone) | id=RKxXByjnabbADGQNNZqLVLdmXlS0YkETYCIbg+XxnvM= | | > audioinput: Built-in Microphone | id=r2/xw1xUPIyZunfV1lGrKOma5wTOvCkWfZ368XCndm0= | | [1] https://developer.mozilla.org/en- | US/docs/Web/API/MediaDevice... | jacquesm wrote: | It's actually great to have a physical confirmation that | such a fingerprint is being generated. This so called | cookie-less tracking is not legal in some parts of the | world because it bypasses consent which needs to be | legally obtained. | amoshi wrote: | Thanks for this, seems to confirm my suspicions. The | camera popup happened quite often on Glassdoor, which I | remember once blocking me for some time after I blocked | their canvas fingerprinting attempts. Just checked and | that seems to no longer be there. | | Disappointing state of affairs overall. | _jal wrote: | Having a mechanism to override built in JS functions | would be great fun. | gruez wrote: | AFAIK you can already do that using content scripts that | execute at document_start. A lot of anti-fingerprinting | scripts use this already. | _jal wrote: | Thanks for the tip, I did not know that. | sloshnmosh wrote: | That's what I thought too as soon as I saw the title of | this thread. | | My telco uses a heavily obfuscated script where all the | variables are just a bunch of hex that uses every | conceivable fingerprint technique in the book. | | Shockwave Flash, remote fonts, WebRTC, Silverlight, | vector graphics, HTML5 cookies, hardware fingerprinting | etc. | gruez wrote: | It doesn't look too fingerprintable. The ids seems to | change once you closed all the tabs belonging to a site | (on firefox), on on reload (chromium) so the max they can | fingerprint is how many devices of each type you have. | | the site I used to test: https://browserleaks.com/webrtc | kbrosnan wrote: | That is a separate issue which is fixed in Firefox Beta as part | of bug 1578073. | cpeterso wrote: | Links to the fixed bug reports: | | https://bugzilla.mozilla.org/show_bug.cgi?id=1578073 | | https://github.com/mozilla-mobile/fenix/issues/4833 | badrabbit wrote: | Ok, but why is this up to the browser? If it was any other app, | how can users be protected? Shouldn't this be enforced by the | hardware ideally? | LockAndLol wrote: | This could (maybe even should) be handled by Android permissions | itself e.g allow app to be access camera when screen is off or | locked. But this has been inactive mostly inactive for a year, | which shows where priorities lie. | duxup wrote: | I wish there was a hardwired led indicator, one for mic and one | for camera. | | When not in use neither the mic nor the camera would get power | and the leds tied to the same power connection. If they're on, | you know they're on. | | Yeah for "ok google" or whatever service it would be on all the | time, but you'd know. | | A physical switch to cut power would be nice too. | | I know there are likely some software complications such as | checking 'hey does the camera work / is it there' but maybe | that's more of a symptom of a problem. | GekkePrutser wrote: | Apple is doing this now in iOS 14 - not quite hardwired but | their OS is so controlled it's nearly the same thing. I doubt | an app can bypass it. | https://9to5mac.com/2020/07/07/ios-14-what-do-the-orange-and... | | On Android you have the pop-up phones of course! Sadly they are | super heavy... I was checking the Poco F2 last weekend and it's | > 200 grams which is really a lot. Great for privacy though | (and I really don't care about the front cam much anyway). | katbyte wrote: | Wow that's awesome, I have an app installed on my MacBook | that pops up something when the mic is in use and it's a | great addition. | GekkePrutser wrote: | Edit: Oops you were talking about the mic, not the cam.. So | the green light I spoke of doesn't apply. | | I wouldn't be surprised if this feature came to Big Sur too | though! But the current beta doesn't have it. | devit wrote: | Seems not a bug: you may want this behavior, and the proper way | to stop recording is to close the website or the app, not locking | your phone. | noja wrote: | Sure _some_ may want this behavior, but I think most will not: | it 's unexpected. | kbenson wrote: | I think it's probably more complex than that. It's either | unexpected or _expected_ depending on what you 're trying to | do, as shown by the cases mentioned here in the comments. You | want to record something but you want your phone in your | pocket (and locked, so you don't accidentally touch | something). You want to use it as a baby monitor for a room. | Your in a conference meeting call but in your car without a | charger, so would prefer to not waste battery on the screen. | Those are all cases where if you were were actively using the | camera and locked the phone, you might reasonably expect the | camera to continue working as it seems a use case people | would have. | | At the same time, there's the desire to know that when your | phone is not in active use (i.e. locked) it's not recording | you. | | I think this is a textbook case of where our expectations are | contextual, and conflicting. A naive adherence to one | expectation or the other will leave people unhappy. Perhaps | then, a less naive behavior (prompting on lock, a visual | indicator of any recording, etc) is sufficient. | kbrosnan wrote: | For a user to be affected by this they woul need to: | | * They would need to visit a website using webrtc | | * Grant Firefox the Android camera/microphone permissions | | * They would then be prompted to allow the website access to the | camera and microphone | | * For this to be a persistent problem the user would need to | check a box that says "Remember my decision for this site" this | is unchecked by default in the above dialog | | As comments here and in the bug there are cases where leaving the | camera active is useful so this is not as cut and dry as the | title leads you to believe. | [deleted] | pgo wrote: | Sorry but you make it sound like its four independent actions | which lowers the overall probability. While in reality this | whole sequence of actions is a very common thing for a user to | do. | kbenson wrote: | > you make it sound like ... lowers the overall probability | | I think that depends on whether you interpret the comment as | trying to mitigate the perceived magnitude of the issue, or | provide clear and concise information on what the issue | entails. | | I read it more as a "here's what the preconditions are, and | there's some question as to whether the issue is actually a | bug or not", and not "you have to do this for it to be a | problem, so it's less bad than you think", so the wording | didn't seem problematic at all to me. | brundolf wrote: | I think the bigger story is that this is possible for an app to | do at all on Android, in a way such that the user might not | realize it can happen/is happening. | kbenson wrote: | I agree. What does iOS do about this? Does it just not allow | locked phones access to the camera, or provide a prompt at | lock, or something else? | nojito wrote: | You are hit with popups asking for permission. | dogma1138 wrote: | Even the Apple Watch remote camera app asks you to unlock | the phone first so it seems like it's not possible. | brundolf wrote: | I'm curious too. I assume it's better, but I don't know | firsthand. I tried googling it and every result was about | manually opening the Camera app from your lockscreen. | snazz wrote: | Also not an iOS developer, but I think that apps enter a | "suspended" stage when you close them or press the power | button to save battery life. If you look at apps' crash | logs, you can see that they are occasionally killed by a | system process for using too much CPU or other resources | when they're in the background. | brundolf wrote: | There are definitely constraints on background activity, | but I don't know for sure whether that applies to the | camera, and I don't know what its precise relation is to | the screen being locked | kbenson wrote: | Some other comments here seem to indicate (at least in | recent models?) that it's a visual indicator light on the | phone that the camera/mic is being accessed. That might | be sufficient, although I might also like a small audio | cue on lock (or camera engage/disengage while locked). | | Unfortunately, I doubt Android will ever be able to rely | on a separate visual indicator of recording, since that's | another hardware component and probably hard (if not | impossible) for Android to enforce. | dogma1138 wrote: | I remember in the old Nokia days and early android days | when the camera shutter sound couldn't be disabled | (peeping Tom rules) adding an indicator similar to what | webcams have could be possible heck you could potentially | use the flash LED on its lowest setting. | pmlnr wrote: | Please keep this as an _option_. The current lack of having | background video streaming prevents me from using my old androids | as dashboard AND a network camera, even though they have the | capacity to be both. | kerng wrote: | Interesting, but why is this possible in the first place on | Android? | ars wrote: | Because I might still want to record things with my screen off? | | Imagine you are recording a video, and you turn of the screen | to save power - why would you expect it to stop recording? | mcbits wrote: | This _could_ be desirable behavior in some circumstances, e.g. | recording video where someone might seize the device and try to | stop the recording, or snoop through the device while it 's | unlocked. | akerro wrote: | This! I once was in a car accident and wanted to record the | conversation, I started recording, locked phone and put it into | my pocket. camera app stopped recording when screen was locked, | edge case but really unexpected one for me. | | Web browser shouldn't be doing it tho. | mcbits wrote: | If a site is granted access to the camera, and the OS lets | other camera apps continue while locked, it makes sense for | the browser to at least provide the option of keeping the | camera on while locked. Otherwise it just hinders sites from | providing live streaming/backup services entirely through the | browser without installing yet another app. | ThePowerOfFuet wrote: | On an iPhone, this is what the Voice Memos app is for (and | works with the screen off). If you have an Android then I | have no idea. | ggreer wrote: | Wow, I didn't know this. I just tried with iOS 14 beta and | was surprised to see video/audio recording stop as soon as I | hit the button to lock the screen. | | By the way: You might want to try recording something while | walking around with your phone in your pocket. My guess is | that your clothing will muffle sound. Any movement will cause | fabric to rub against the phone, drowning out the sound you | actually want to record. Even if your tactic did work, I'm | not sure it would have captured much of the conversation. | akerro wrote: | >By the way: You might want to try recording something | while walking around with your phone in your pocket. My | guess is that your clothing will muffle sound. | | Many android phones detect being in pocket and lock screen | automatically to prevent accidental touches. ___________________________________________________________________ (page generated 2020-07-07 23:00 UTC)