ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Tips for TIs Related to the Camera

book

Article ID: 173308

calendar_today

Updated On:

Products

Endpoint Protection Mobile

Issue/Introduction

Apps can access the device camera and record data. Appthority has TIs that find apps that may use or misuse pictures or videos from the camera. Improper handling of camera data may disclose them to unintended parties.

Resolution

Uses Camera

The Uses Camera TI dynamically detects that the app accesses and uses the camera inside the application. Photo, video and social apps normally use the camera. However, improper handling of pictures or videos by an app may reveal them to unintended parties. This TI has a Risk Level of 6.

Recommendation: Use this TI to vet apps in your Organization. 

Can Access Camera

The Can Access Camera TI detects that the app binary code requests permission to access the camera.

This static analysis does not determine whether the user can accept or reject such access; it only indicates the ability to access the microphone.

There are many apps that access the camera for legitimate reasons. The App Report evidence data description for an app that triggers this TI can reveal the reason for the access. For example “Allow access to record videos for course materials.” This TI is ranked at Risk Level 2.

Accesses Camera for Advertising

The Accesses Camera for Advertising TI indicates that the app accesses the camera and uses a 3rd party advertising library that can transfer the data from the camera to a 3rd party. Information sent to advertising libraries are not usually monitored by the original app, and enterprises normally do not have visibility into this kind of 3rd party data access.

While it is acceptable to access photos for in-app functionality, and while app developers may earn money for free apps by including advertising libraries, the benefit of using the app may not outweigh the risk of enterprise data leakage. This TI has a Risk Level of 6.