Unfortunately, there are a lot of apps that users grant camera permissions to. Basically, any time you upload an avatar or post a picture with an app, you’ve got to give it camera permissions to do that.
Krause documented his findings in a short video presentation. As long as an app with camera permissions was in the foreground, it could snap photos literally every second, all without the user being alerted to what was going on.
Krause was quick to point out that he wasn’t naming names, and so far, at least, there are no known instances of malicious apps abusing this flaw, nor are any legitimate apps misusing it to anyone’s knowledge. The simple fact that it is possible, though, opens the door to a whole host of malicious apps that could, and that’s disturbing.
For the moment, there are really only two ways to address the issue: either go in and modify all your apps’ permissions so that they no longer have camera access, or use lens covers to make it so that your front and back cameras can’t record anything unless you specifically want them to.
Longer term, there are a number of things Apple could do to address the issue. The two simplest fixes would be introducing expiring permissions for apps to allow for more precise user controls, or introducing LED lights that would activate any time the camera was in use, thus giving the user a clear visual marker.
In any case, for the moment, it’s important to know that your phone may be watching and/or recording you.