[HN Gopher] Firefox Android: Camera remains active even when the...
       ___________________________________________________________________
        
       Firefox Android: Camera remains active even when the phone is
       locked
        
       Author : kkm
       Score  : 96 points
       Date   : 2020-07-07 18:52 UTC (4 hours ago)
        
 (HTM) web link (bugzilla.mozilla.org)
 (TXT) w3m dump (bugzilla.mozilla.org)
        
       | coronadisaster wrote:
       | wow that is really bad, I am increasingly losing faith in Firefox
       | and I have been using it since v1.0
        
         | GekkePrutser wrote:
         | I'm sure this wasn't intentional though. It doesn't even
         | benefit them in any way. It's not as if they were doing it to
         | steal information. It's just a bug, at least it's known now and
         | they'll fix it.
        
           | coronadisaster wrote:
           | assuming the NSA isn't behind it and cutting them a check
        
             | jacquesm wrote:
             | That's well into tinfoil hat territory unless you have some
             | proof of this.
        
               | coronadisaster wrote:
               | very true, but is there even a way to even know how much
               | money they get from the government?
        
       | techntoke wrote:
       | It is only a year old. I mean how high of a priority can it be to
       | not send your camera when your phone is locked or when you send
       | the app to the background?
        
         | ed25519FUUU wrote:
         | Furthermore, how does the OS even make this possible?
        
           | [deleted]
        
           | techntoke wrote:
           | Well for music, people may want to continue listening to
           | music when their phones are off or the app is in the
           | background.
           | 
           | For video I agree it doesn't make much sense, but in a web
           | app world if you're recording video you may want to turn off
           | the screen or do other things just like a computer. It should
           | at least show you in the notification area.
        
             | disiplus wrote:
             | i can think of a scenario where the phone is acting as a sort
             | of security camera. or you are using it as a replacement
             | for web cam when you stream from your pc. etc. but i agree
             | most of those are edge cases.
        
               | TeMPOraL wrote:
               | It's not as much of an edge case; spare (particularly,
               | old) phones and tablets are used as DIY home security
               | systems, baby monitors, etc.
        
               | AnthonyMouse wrote:
               | And even edge cases should be supported. Maybe the
               | default in Firefox should be to disable the camera when
               | you lock your phone, but then it should have a setting to
               | do otherwise, and it certainly shouldn't be rendered
               | impossible by the OS (rather than, say, having a separate
               | permission).
        
             | jhoechtl wrote:
             | Heck even for video. Google is hammering youtube pro down
             | my throat for the benefit of continuing playing while
             | backgrounded
        
           | kllrnohj wrote:
           | Accidentally bumping the power button shouldn't kill a video
           | I'm taking or a video conference I'm in.
           | 
           | The OS should block _new_ uses of the camera if it's locked
           | (sort of - face unlock obviously needs an exception), but
           | killing existing ones seems rather aggressive and would
           | create a new form of user hostility in relatively common
           | situations.
        
         | morsch wrote:
         | > to the background
         | 
         | I absolutely want the Jitsi call to continue in the background
         | while I quickly look up something in the calendar.
        
           | GekkePrutser wrote:
           | True but there's an app for that (that probably works better
           | than doing it in the browser). Though I have to admit I
           | didn't try. I've only used it on the PC and Mac. I love Jitsi
           | though, for some reason it's sooo much smoother video than MS
           | Teams. Really adds a lot to the communication. I wish I could
           | use it for work, but there it's Microsoft or nothing :P
        
       | dvno42 wrote:
       | Only somewhat related but I have a phone where the front camera
       | mechanically pops up when it's used. I've noticed that by
       | default, when I visit many websites, without notification the
       | camera pops up and down quickly. After every Firefox update, I
       | have to go into android settings and deny camera permissions.
       | I've just assumed a page attempts to access the camera via JS but
       | I'm not sure, it could also just be a bug in FF.
        
         | smnrchrds wrote:
         | What phone do you use?
        
           | dvno42 wrote:
           | OnePlus 7 Pro
        
             | JshWright wrote:
             | Same here, with the same observed behavior.
        
         | monocasa wrote:
         | I think a bunch of websites try to access the camera's metadata
         | as a part of a fingerprinting mechanism. That's probably what
         | you're seeing.
        
           | amoshi wrote:
           | I thought so too, Xiaomi Mi 9T here with a popup camera
           | mechanism. But then again, wouldn't the website have to ask
           | for camera permissions? Or is there some permission-less
           | approach like the one for evaluating MIDI devices which is
           | used for fingerprinting?
        
             | kbrosnan wrote:
             | Yes this is ad network fingerprinting using
             | navigator.mediaDevices.enumerateDevices(). [1] When called
             | without permission it would return something like
             | 
             | > videoinput: id =
             | csO9c0YpAf274OuCPUA53CNE0YHlIr2yXCi+SqfBZZ8=
             | 
             | > audioinput: id =
             | RKxXByjnabbADGQNNZqLVLdmXlS0YkETYCIbg+XxnvM=
             | 
             | > audioinput: id =
             | r2/xw1xUPIyZunfV1lGrKOma5wTOvCkWfZ368XCndm0=
             | 
             | and if the user has allowed access to the camera/mic
             | 
             | > videoinput: FaceTime HD Camera (Built-in)
             | id=csO9c0YpAf274OuCPUA53CNE0YHlIr2yXCi+SqfBZZ8=
             | 
             | > audioinput: default (Built-in Microphone)
             | id=RKxXByjnabbADGQNNZqLVLdmXlS0YkETYCIbg+XxnvM=
             | 
             | > audioinput: Built-in Microphone
             | id=r2/xw1xUPIyZunfV1lGrKOma5wTOvCkWfZ368XCndm0=
             | 
             | [1] https://developer.mozilla.org/en-
             | US/docs/Web/API/MediaDevice...
        
               | jacquesm wrote:
               | It's actually great to have a physical confirmation that
               | such a fingerprint is being generated. This so called
               | cookie-less tracking is not legal in some parts of the
               | world because it bypasses consent which needs to be
               | legally obtained.
        
               | amoshi wrote:
               | Thanks for this, seems to confirm my suspicions. The
               | camera popup happened quite often on Glassdoor, which I
               | remember once blocking me for some time after I blocked
               | their canvas fingerprinting attempts. Just checked and
               | that seems to no longer be there.
               | 
               | Disappointing state of affairs overall.
        
               | _jal wrote:
               | Having a mechanism to override built in JS functions
               | would be great fun.
        
               | gruez wrote:
               | AFAIK you can already do that using content scripts that
               | execute at document_start. A lot of anti-fingerprinting
               | scripts use this already.
        
               | _jal wrote:
               | Thanks for the tip, I did not know that.
        
               | sloshnmosh wrote:
               | That's what I thought too as soon as I saw the title of
               | this thread.
               | 
               | My telco uses a heavily obfuscated script where all the
               | variables are just a bunch of hex that uses every
               | conceivable fingerprint technique in the book.
               | 
               | Shockwave Flash, remote fonts, WebRTC, Silverlight,
               | vector graphics, HTML5 cookies, hardware fingerprinting
               | etc.
        
               | gruez wrote:
               | It doesn't look too fingerprintable. The ids seem to
               | change once you closed all the tabs belonging to a site
               | (on firefox), or on reload (chromium) so the max they can
               | fingerprint is how many devices of each type you have.
               | 
               | the site I used to test: https://browserleaks.com/webrtc
        
         | kbrosnan wrote:
         | That is a separate issue which is fixed in Firefox Beta as part
         | of bug 1578073.
        
           | cpeterso wrote:
           | Links to the fixed bug reports:
           | 
           | https://bugzilla.mozilla.org/show_bug.cgi?id=1578073
           | 
           | https://github.com/mozilla-mobile/fenix/issues/4833
        
       | badrabbit wrote:
       | Ok, but why is this up to the browser? If it was any other app,
       | how can users be protected? Shouldn't this be enforced by the
       | hardware ideally?
        
       | LockAndLol wrote:
       | This could (maybe even should) be handled by Android permissions
       | itself e.g. allow app to access camera when screen is off or
       | locked. But this has been mostly inactive for a year,
       | which shows where priorities lie.
        
       | duxup wrote:
       | I wish there was a hardwired led indicator, one for mic and one
       | for camera.
       | 
       | When not in use neither the mic nor the camera would get power
       | and the leds tied to the same power connection. If they're on,
       | you know they're on.
       | 
       | Yeah for "ok google" or whatever service it would be on all the
       | time, but you'd know.
       | 
       | A physical switch to cut power would be nice too.
       | 
       | I know there are likely some software complications such as
       | checking 'hey does the camera work / is it there' but maybe
       | that's more of a symptom of a problem.
        
         | GekkePrutser wrote:
         | Apple is doing this now in iOS 14 - not quite hardwired but
         | their OS is so controlled it's nearly the same thing. I doubt
         | an app can bypass it.
         | https://9to5mac.com/2020/07/07/ios-14-what-do-the-orange-and...
         | 
         | On Android you have the pop-up phones of course! Sadly they are
         | super heavy... I was checking the Poco F2 last weekend and it's
         | > 200 grams which is really a lot. Great for privacy though
         | (and I really don't care about the front cam much anyway).
        
           | katbyte wrote:
           | Wow that's awesome, I have an app installed on my MacBook
           | that pops up something when the mic is in use and it's a
           | great addition.
        
             | GekkePrutser wrote:
             | Edit: Oops you were talking about the mic, not the cam.. So
             | the green light I spoke of doesn't apply.
             | 
             | I wouldn't be surprised if this feature came to Big Sur too
             | though! But the current beta doesn't have it.
        
       | devit wrote:
       | Seems not a bug: you may want this behavior, and the proper way
       | to stop recording is to close the website or the app, not locking
       | your phone.
        
         | noja wrote:
         | Sure _some_ may want this behavior, but I think most will not:
         | it's unexpected.
        
           | kbenson wrote:
           | I think it's probably more complex than that. It's either
           | unexpected or _expected_ depending on what you're trying to
           | do, as shown by the cases mentioned here in the comments. You
           | want to record something but you want your phone in your
           | pocket (and locked, so you don't accidentally touch
           | something). You want to use it as a baby monitor for a room.
           | You're in a conference meeting call but in your car without a
           | charger, so would prefer to not waste battery on the screen.
           | Those are all cases where if you were actively using the
           | camera and locked the phone, you might reasonably expect the
           | camera to continue working as it seems a use case people
           | would have.
           | 
           | At the same time, there's the desire to know that when your
           | phone is not in active use (i.e. locked) it's not recording
           | you.
           | 
           | I think this is a textbook case of where our expectations are
           | contextual, and conflicting. A naive adherence to one
           | expectation or the other will leave people unhappy. Perhaps
           | then, a less naive behavior (prompting on lock, a visual
           | indicator of any recording, etc) is sufficient.
        
       | kbrosnan wrote:
       | For a user to be affected by this they would need to:
       | 
       | * They would need to visit a website using webrtc
       | 
       | * Grant Firefox the Android camera/microphone permissions
       | 
       | * They would then be prompted to allow the website access to the
       | camera and microphone
       | 
       | * For this to be a persistent problem the user would need to
       | check a box that says "Remember my decision for this site" this
       | is unchecked by default in the above dialog
       | 
       | As comments here and in the bug there are cases where leaving the
       | camera active is useful so this is not as cut and dry as the
       | title leads you to believe.
        
         | [deleted]
        
         | pgo wrote:
         | Sorry but you make it sound like it's four independent actions
         | which lowers the overall probability. While in reality this
         | whole sequence of actions is a very common thing for a user to
         | do.
        
           | kbenson wrote:
           | > you make it sound like ... lowers the overall probability
           | 
           | I think that depends on whether you interpret the comment as
           | trying to mitigate the perceived magnitude of the issue, or
           | provide clear and concise information on what the issue
           | entails.
           | 
           | I read it more as a "here's what the preconditions are, and
           | there's some question as to whether the issue is actually a
           | bug or not", and not "you have to do this for it to be a
           | problem, so it's less bad than you think", so the wording
           | didn't seem problematic at all to me.
        
         | brundolf wrote:
         | I think the bigger story is that this is possible for an app to
         | do at all on Android, in a way such that the user might not
         | realize it can happen/is happening.
        
           | kbenson wrote:
           | I agree. What does iOS do about this? Does it just not allow
           | locked phones access to the camera, or provide a prompt at
           | lock, or something else?
        
             | nojito wrote:
             | You are hit with popups asking for permission.
        
             | dogma1138 wrote:
             | Even the Apple Watch remote camera app asks you to unlock
             | the phone first so it seems like it's not possible.
        
             | brundolf wrote:
             | I'm curious too. I assume it's better, but I don't know
             | firsthand. I tried googling it and every result was about
             | manually opening the Camera app from your lockscreen.
        
               | snazz wrote:
               | Also not an iOS developer, but I think that apps enter a
               | "suspended" stage when you close them or press the power
               | button to save battery life. If you look at apps' crash
               | logs, you can see that they are occasionally killed by a
               | system process for using too much CPU or other resources
               | when they're in the background.
        
               | brundolf wrote:
               | There are definitely constraints on background activity,
               | but I don't know for sure whether that applies to the
               | camera, and I don't know what its precise relation is to
               | the screen being locked
        
               | kbenson wrote:
               | Some other comments here seem to indicate (at least in
               | recent models?) that it's a visual indicator light on the
               | phone that the camera/mic is being accessed. That might
               | be sufficient, although I might also like a small audio
               | cue on lock (or camera engage/disengage while locked).
               | 
               | Unfortunately, I doubt Android will ever be able to rely
               | on a separate visual indicator of recording, since that's
               | another hardware component and probably hard (if not
               | impossible) for Android to enforce.
        
               | dogma1138 wrote:
               | I remember in the old Nokia days and early android days
               | when the camera shutter sound couldn't be disabled
               | (peeping Tom rules) adding an indicator similar to what
               | webcams have could be possible heck you could potentially
               | use the flash LED on its lowest setting.
        
       | pmlnr wrote:
       | Please keep this as an _option_. The current lack of having
       | background video streaming prevents me from using my old androids
       | as dashboard AND a network camera, even though they have the
       | capacity to be both.
        
       | kerng wrote:
       | Interesting, but why is this possible in the first place on
       | Android?
        
         | ars wrote:
         | Because I might still want to record things with my screen off?
         | 
         | Imagine you are recording a video, and you turn off the screen
         | to save power - why would you expect it to stop recording?
        
       | mcbits wrote:
       | This _could_ be desirable behavior in some circumstances, e.g.
       | recording video where someone might seize the device and try to
       | stop the recording, or snoop through the device while it's
       | unlocked.
        
         | akerro wrote:
         | This! I once was in a car accident and wanted to record the
         | conversation, I started recording, locked phone and put it into
         | my pocket. camera app stopped recording when screen was locked,
         | edge case but really unexpected one for me.
         | 
         | Web browser shouldn't be doing it tho.
        
           | mcbits wrote:
           | If a site is granted access to the camera, and the OS lets
           | other camera apps continue while locked, it makes sense for
           | the browser to at least provide the option of keeping the
           | camera on while locked. Otherwise it just hinders sites from
           | providing live streaming/backup services entirely through the
           | browser without installing yet another app.
        
           | ThePowerOfFuet wrote:
           | On an iPhone, this is what the Voice Memos app is for (and
           | works with the screen off). If you have an Android then I
           | have no idea.
        
           | ggreer wrote:
           | Wow, I didn't know this. I just tried with iOS 14 beta and
           | was surprised to see video/audio recording stop as soon as I
           | hit the button to lock the screen.
           | 
           | By the way: You might want to try recording something while
           | walking around with your phone in your pocket. My guess is
           | that your clothing will muffle sound. Any movement will cause
           | fabric to rub against the phone, drowning out the sound you
           | actually want to record. Even if your tactic did work, I'm
           | not sure it would have captured much of the conversation.
        
             | akerro wrote:
             | >By the way: You might want to try recording something
             | while walking around with your phone in your pocket. My
             | guess is that your clothing will muffle sound.
             | 
             | Many android phones detect being in pocket and lock screen
             | automatically to prevent accidental touches.
        
       ___________________________________________________________________
       (page generated 2020-07-07 23:00 UTC)