Bug in Facebook App Accesses the Camera in the Background

The Facebook for iOS app appears to be accessing the iPhone or iPad's camera in the background when the app is in use, according to multiple reports on Twitter.

The sliver of brown in this demo photo is the Facebook app accessing the camera behind the timeline.

When scrolling through the Facebook timeline, several users saw the camera activated in the background.



One Facebook user found it through an interface bug that shows a small sliver of the display when looking at a photo, while another found it when rotating a device.

Both The Next Web and CNET were able to reproduce the issue and confirmed that the camera is activated in the background when using Facebook on iOS. The issue appears to impact iPhones running iOS 13, including the newest release version of iOS 13, iOS 13.2.2. Devices running iOS 12 do not appear to be impacted.

Facebook vice president of integrity Guy Rosen this morning said that it "sounds like a bug" and that Facebook is looking into it, but Facebook has not officially commented on the issue.


Security researcher Will Strafach told TechCrunch that it appears to be a "harmless but creepy looking bug."

For the Facebook app to access the camera in the background, camera and microphone access must be enabled in the Settings app. Those concerned about the bug can disable Facebook's access to these features on the iPhone and the iPad, or delete the Facebook app.


This article, "Bug in Facebook App Accesses the Camera in the Background" first appeared on MacRumors.com


US, UK, and Australia Urge Zuckerberg Not to Extend Encrypted Messaging to Facebook and Instagram

U.S., U.K., and Australian officials have contacted Facebook to request that it provides authorities with a way to access encrypted messages sent by users over the social network, it was revealed today.

Facebook-owned WhatsApp already uses end-to-end encryption to ensure only senders and recipients can read messages, but Facebook intends to extend the same protocols to its Messenger and Instagram Direct chat platforms.


However, government officials have penned an open letter to Facebook CEO Mark Zuckerberg asking him not to go ahead with the plan – or, if he does, to at least give authorities a way to read encrypted messages for reasons of law enforcement, and in particular to prevent child sexual exploitation.

A draft of the letter, obtained by BuzzFeed News, is set to be released in tandem with an announcement on a new data-sharing agreement between law enforcement in the U.S. and the U.K. aimed at removing barriers to cross-border surveillance.

"We are writing to request that Facebook does not proceed with its plan to implement end-to-end encryption across its messaging services without ensuring that there is no reduction to user safety," the letter reads.

"Risks to public safety from Facebook’s proposals are exacerbated in the context of a single platform that would combine inaccessible messaging services with open profiles, providing unique routes for prospective offenders to identify and groom our children."

"Security enhancements to the virtual world should not make us more vulnerable in the physical world. Companies should not deliberately design their systems to preclude any form of access to content, even for preventing or investigating the most serious crimes."

The letter, dated October 4, is signed by U.S. Attorney General William P Barr, U.K. Home Secretary Priti Patel, acting U.S. Homeland Security Secretary Kevin McAleenan, and the Australian minister for Home Affairs Peter Dutton.

"We believe people have the right to have a private conversation online, wherever they are in the world," a Facebook spokesperson said in response to the letter. "Ahead of our plans to bring more security and privacy to our messaging apps, we are consulting closely with child safety experts, governments and technology companies and devoting new teams and sophisticated technology so we can use all the information available to us to help keep people safe."

"We strongly oppose government attempts to build backdoors because they would undermine the privacy and security of people everywhere."

Zuckerberg also defended his decision to encrypt Facebook's messaging services, despite concerns about its impact on child exploitation and other criminal activity.

Speaking on Thursday in a livestreamed version of the company's weekly internal Q&A session, the CEO said child exploitation risks weighed "most heavily" on him when he was making the decision and pledged steps to minimize harm.

Apple has long opposed government attempts to gain access to encrypted communications through the use of backdoors in iOS devices.

In 2016, a U.S. federal judge ordered Apple to help the FBI hack into the iPhone owned by Syed Farook, one of the shooters in the December 2015 attacks in San Bernardino.

The FBI asked Apple to create a version of iOS that would both disable passcode security features and allow passcodes to be entered electronically, allowing it to then brute force the passcode on the device.

Apple announced that it would oppose the order in an open letter penned by Tim Cook, who said the FBI's request would set a "dangerous precedent" with serious implications for the future of smartphone encryption. Apple said the software the FBI asked for could serve as a "master key" able to be used to get information from any iPhone or iPad - including its most recent devices - while the FBI claimed it only wanted access to a single iPhone.

Apple's dispute with the FBI ended on March 28, 2016 after the government found an alternate way to access the data on the iPhone through the help of Israeli firm Cellebrite and withdrew the lawsuit.


Facebook Announces ‘Portal TV’ for Streaming Content and Holding Video Calls

Facebook today announced a new set of Portal video chat devices, including one that is aimed to compete in the streaming TV market. This device is called the Portal TV, and it connects to a TV set with a standard HDMI cable and can stream content as well as enable video calls through Facebook Messenger and WhatsApp.


According to Facebook, video calling is the primary feature of Portal TV, because there aren't many supported streaming apps announced as of today. Customers will be able to stream Amazon Prime Video, listen to Spotify, and download apps like Showtime, CBS All Access, Starz, Pluto TV, Red Bull TV, and Neverthink.

More apps are said to be coming soon, but Netflix, Hulu, HBO, and other popular platforms will not be on Portal TV at launch.

Speaking with Bloomberg, Facebook executive Andrew Bosworth said that the ability to video call friends and family on a TV-based device will make it unique in a crowded market. Bosworth went on to suggest that people will likely switch on alternative devices for their video streaming when they're done video calling on Portal TV.

Otherwise, Facebook is also launching updated Portal devices in two new sizes: an 8-inch "Portal Mini" and 10-inch regular "Portal." The new Portals have improved speakers, and a physical shutter so users can easily disable the camera and microphone.


Of course, with any news related to Facebook, the company has attempted to double down on privacy assurances. With the new Portal models, it said that users can opt out of the company accessing voice recordings collected by the Portal in their home. Facebook will transcribe some "Hey Portal" audio clips if users don't opt out of it, however.

Bloomberg posted a separate story about this earlier today, detailing how Facebook "paused human review of audio" in August, while it worked on a way to give customers more control over the feature. The default option will still be for Facebook to automatically collect and transcribe "Hey Portal" commands, so users will have to be aware of this and navigate into their settings to opt out.

The Portal TV will cost $149, the Portal Mini will cost $129, and the Portal will cost $179. The Portal Mini and Portal will launch October 15, while the Portal TV is set to launch on November 5.



Facebook Preps Users for Apple’s New Location Tracking Alerts in iOS 13

Facebook has attempted to pre-empt awkward questions about privacy ahead of the launch of iOS 13, with a blog post explaining what Apple's new location data alerts mean for users of its mobile app.


As we've covered elsewhere, Apple has doubled down on its privacy features in iOS 13, giving iPhone and iPad users a more granular view of how third-party apps access their location information – something that's obviously of concern to Facebook.

In a blog post titled "Understanding Updates to Your Device's Location Settings," the social network company highlights the fact that pop-up notifications now let users know when an app is using their location in the background, and even show a map of the location data that the app has tracked. The alerts also make users aware of how often apps are tracking them and their motivation for doing so.

Facebook points out that while iOS 12 gives users the option to allow apps access to precise location information "Always," "While Using the App" or "Never," iOS 13 adds an additional "Allow Once" option for permitting restricted one-time access. The social media giant clearly wants users to know that regardless of these changes, "Facebook is better with location..."

"It powers features like check-ins and makes planning events easier. It helps improve ads and keep you and the Facebook community safe. Features like Find Wi-Fi and Nearby Friends use precise location even when you're not using the app to make sure that alerts and tools are accurate and personalized for you."

It's no secret that Facebook harvests huge amounts of data on all of its users, but the company is clearly trying to allay concerns when the alerts start rolling in on Facebook users' devices once they've updated to iOS 13.

Apple usually releases new versions of iOS one or two weeks after it unveils new iPhones. Apple's iPhone event takes place today at 10:00 a.m. Pacific Time, so we should see iOS 13 drop relatively soon. MacRumors will be providing live coverage of today's event both here on MacRumors.com and on the MacRumorsLive Twitter account. Stay tuned.


Hundreds of Millions of Phone Numbers From Facebook Accounts Leaked Online

An exposed server with more than 419 million records from Facebook users has been discovered online, reports TechCrunch.

The server was not protected with a password and was accessible to anyone. It featured 133 million records from U.S.-based Facebook users, 18 million records from users in the UK, and 50 million records on users in Vietnam.


The records contained each person's unique Facebook ID along with the phone number listed on the account. Facebook IDs are unique numbers that can be associated with an account to discover a person's username.

Facebook restricted access to phone numbers more than a year ago, so the database that was found is older than that. A Facebook spokesperson said that the data had been scraped prior to when Facebook cut off access to phone numbers, calling the dataset "old."

"This dataset is old and appears to have information obtained before we made changes last year to remove people's ability to find others using their phone numbers," the spokesperson said. "The dataset has been taken down and we have seen no evidence that Facebook accounts were compromised."

TechCrunch was able to verify multiple records in the database by matching a known Facebook user's phone number against a listed Facebook ID. Other records were verified by matching phone numbers with Facebook's password reset feature, which can be used to partially reveal a phone number linked to an account. Records primarily had phone numbers, but in some cases, also had usernames, genders, and country location.


Phone number security has become increasingly important over the course of the last few years due to SIM-hacking, which involves calling a phone carrier and asking for a SIM transfer for a specific number, thereby giving access to anything linked to that phone number, such as two-factor verification, password reset info, and more.

SIM-hacking requires little more than a phone number and social engineering skills, and it has been devastating for people who have been impacted. Leaked phone numbers also expose Facebook users to spam calls, which have also become more and more prevalent over the last several years.

The database was originally found by security researcher Sanyam Jain, who said that he was able to locate phone numbers associated with several celebrities. It's not clear who owned the database nor where it originated from, but it was taken offline after TechCrunch contacted the web host. There is no word on why the data was scraped from Facebook or what it was used for.



Facebook Paid Contractors to Transcribe Messenger Voice Chats

Facebook paid “hundreds of outside contractors” to transcribe user audio clips from its Messenger app, reports Bloomberg.

Employees who worked on the transcription were not told where the audio was recorded or how it was obtained, nor were they told why Facebook needs conversations transcribed.


Facebook says that while it had indeed been transcribing audio, it no longer plans to do so. “We paused human review of audio more than a week ago,” Facebook told Bloomberg.

Facebook’s decision to pause its audio transcribing comes following scrutiny of human review programs from Apple, Amazon, and Google. The three companies use employees to review voice assistant requests and accidental activations for improvement purposes.

One firm that Facebook uses to transcribe Messenger conversations is TaskUs, a company that also reviews Facebook content for possible policy violations.

Facebook says that users who had voice chats transcribed had opted in, and that the transcriptions were used to make sure Facebook’s AI correctly interpreted the messages. Despite this, Facebook did not disclose to users that third parties may be reviewing audio, which led some of Facebook’s contractors to “feel their work is unethical.”

Facebook’s data use policy does mention the collection of “content, communications, and other information,” but there’s no specific mention of audio.

Facebook says its “systems automatically process content and communications you and others provide to analyze context and what’s in them.” It includes no mention of other human beings screening the content. In a list of “types of third parties we share information with,” Facebook doesn’t mention a transcription team, but vaguely refers to “vendors and service providers who support our business” by “analyzing how our products are used.”

While Facebook claims it has stopped the audio transcription program, those concerned should refrain from using Facebook services like Messenger and WhatsApp.

Google and Apple have temporarily suspended their human audio review programs, while Amazon is letting Alexa users opt out. In the future, when Apple re-implements human review of Siri queries, there will be a clear privacy policy and opt-out option.



Facebook to Be Fined $5 Billion in Cambridge Analytica Privacy Scandal

The U.S. Federal Trade Commission has voted to approve a settlement with Facebook that will see the social media giant hit with a roughly $5 billion fine over the Cambridge Analytica privacy scandal, reports The Wall Street Journal.

The matter has been moved to the Justice Department’s civil division and it is unclear how long it will take to finalize, the person said. Justice Department reviews are part of the FTC’s procedure but typically don’t change the outcome of an FTC decision.

A settlement is expected to include other government restrictions on how Facebook treats user privacy. The additional terms of the settlement couldn’t immediately be learned.

The scandal revolved around data firm Cambridge Analytica, which improperly collected information on tens of millions of Facebook users without their consent to create targeted political advertisements during the 2016 campaign.

The data collection came through an app called "This Is Your Digital Life," which requested that Facebook users complete a survey for academic use. In reality, the app's permissions allowed it to collect personal information on not just the Facebook users who took the survey but also their friends.

Facebook revamped its privacy practices in the wake of the scandal, but the company still faced investigations by regulators over multiple security lapses, and the scandal marked a significant moment in efforts to raise awareness about digital privacy.

Apple CEO Tim Cook called the Cambridge Analytica situation "dire" and has on multiple occasions called for increased regulation to protect user privacy.


WhatsApp Tests Feature That Lets Users Share Their Status With Facebook and Other Apps

WhatsApp is testing a feature that enables users to share their WhatsApp Status posts over Facebook, Instagram, and other services.


WhatsApp's Status feature works a lot like Stories do in Instagram, in that users can use the option to stitch together photos and video to express themselves in a way words alone might not allow them to.

The idea behind WhatsApp Status sharing is that it will allow users to post their status directly to their Facebook story, Instagram Story, Gmail, Google Photos, or other service.

WhatsApp told The Verge that the sharing feature doesn't link accounts on the two services in any way, and instead transfers the data on-device using Android and iOS data-sharing APIs.

Even when sharing to another Facebook-owned service like Instagram, WhatsApp says the two posts remain separate events and are not associated in Facebook's systems.

Regardless of that explanation, relating the two platforms in the public consciousness has become a risky business for Facebook ever since it acquired WhatsApp in 2014.

The company said at the time that it wouldn't collect data from the end-to-end encrypted messaging service, but then two years later it began doing exactly that for ad-targeting purposes.

In 2016 the company had to end the collection of WhatsApp user data across Europe, including the phone number a user verifies during the registration process and the last time a user accessed the service, after privacy watchdogs slammed the practice and regulators demanded it be stopped.

Facebook was subsequently fined $122 million by the European Commission for misleading regulators during the merger review about the extent to which it could link accounts.



Contact Info for Millions of Instagram Influencers, Celebrities, and Brand Accounts Leaked Online

A database that contained contact information for millions of Instagram influencers, celebrities, and brand accounts was recently leaked online, reports TechCrunch.

The database, which was hosted by Amazon Web Services and contains more than 49 million records, was accessible without a password or other credentials according to the security researcher who informed TechCrunch about the leak.

Records include public data pulled from Instagram, such as profile picture, biography, and follower numbers, but also private contact information like phone numbers and email addresses.

Records also calculated the "worth" of each account based on follower count, engagement, reach, likes, and shares.

The database was initially uploaded and shared by Mumbai-based social media marketing firm Chtrbox, a company that pays Instagram influencers to share sponsored content. Though uploaded by Chtrbox, the database includes info from influencers who have never worked with the company.

TechCrunch found several high-profile influencers in the exposed database, including prominent food bloggers, celebrities and other social media influencers.

We contacted several people at random whose information was found in the database and provided them their phone numbers. Two of the people responded and confirmed their email address and phone number found in the database was used to set up their Instagram accounts. Neither had any involvement with Chtrbox, they said.

After hearing from TechCrunch, Chtrbox took the database offline, but the company's CEO did not respond to a request for comment on how the data was obtained.

Instagram parent company Facebook said that it was looking into the issue and aiming to determine whether the data was from Instagram or other sources. "We're also inquiring with Chtrbox to understand where this data came from and how it became publicly available," said Facebook.



Facebook Brings Back ‘View As Public’ Feature That Was Removed Because of Security Issues

Facebook today announced that it is reintroducing the "View As Public" feature that's designed to let you see your Facebook profile as a non-friend sees it, so you can double check that you're not sharing information publicly that you don't want to share.

In addition, Facebook is adding an "Edit Public Details" button directly to your profile, which will make it easier to adjust what information about you is publicly visible.


Facebook removed all "View As" features in September 2018 after a vulnerability with the feature allowed hackers to steal Facebook access tokens for almost 50 million accounts.

Facebook now says that the "View As" feature for viewing an account as a member of the public was not affected by the security incident and was more popular than the "View as Specific Person" options that are still disabled.

