Privacy risk: Flaw in Instagram app for iOS turns on the camera even when not using it

Since the release of the iOS 14 beta, test users have been reporting unusual multi-app behavior; the most recent reports refer to a flaw in Instagram that causes the green “Camera On” indicator to be activated when using the app without users activating the camera. 

In this regard, a spokesperson for the social network noted that this unusual behavior was simply a mistake, so the company’s security teams began working on a solution. The Creation Mode of the app can be activated from the camera, which could turn on the indicator light; the spokesperson mentions that it is possible to access the camera by swiping the feed, which can trigger this failure.

“Instagram only accesses users’ camera after permission is granted; we are fixing a bug in iOS 14 beta that incorrectly indicates that the camera is activated spontaneously.” The spokesman emphasized that the users’ camera is not actually activated, nor is any recording (photo or video) recorded.

Cybersecurity experts believe this could be a kind of notification in iOS 14 to alert users to invasive behavior in other apps. Since the release of the beta version it has been discovered that apps like TikTok or LinkedIn access the contents of the device clipboard, although it is unclear if this is a spying activity.  

ByteDance, a Chinese company developing TikTok, mentions that the necessary measures were implemented to make the app no longer available for access to the clipboard, sending an update from Apple, eliminating this behavior, considered as spam.

The company noted that this feature was never included on Android system devices. Moreover, LinkedIn ensures that this feature has been completely removed, while Reddit, which was also signaled for accessing the clipboard in iOS 14, will remove this feature in its next update.

A couple of weeks ago Facebook also fixed an error present in its iOS device app. The parent company of Instagram mentioned that this flaw activated the camera without the consent of the users, conduct that was identified and corrected as soon as possible.