Categories
Security

Firefox for Android allows websites to use camera even when the screen is locked

Interesting Firefox for Android bug: Camera remains active when the app is in background or the phone is locked. That is, when the camera is on and streaming via WebRTC, if the user locks their phone, the camera continues streaming.

kbrosnan on Hacker News adds:

For a user to be affected by this they woul need to:

* They would need to visit a website using webrtc

* Grant Firefox the Android camera/microphone permissions

* They would then be prompted to allow the website access to the camera and microphone

* For this to be a persistent problem the user would need to check a box that says “Remember my decision for this site” this is unchecked by default in the above dialog

This, of course, what everyone does when trying to use a web video chat.

What surprises me more about the bug is that Android allows apps to record video when the phone is locked. I didn’t know that. As far as I know, iOS doesn’t allow this. More than that, an app can’t even use camera if it’s not the front-most app — the frame just freezes until the app is back (I suspect we’ll see this change in the future versions, given that iOS/iPadOS 14 add an indicator).

By Dmitry Chestnykh

Founder of Coding Robots

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s