Whenever I mention that AlertBoot Mobile Security, an MDM for protecting smartphones, allows one to disable their camera (and keep it that way), some people say something along the lines of “hey, that’s great for companies infringing on my darn tootin’ rights to do whatever the heck I want with my own smartphone that I’m allowed to use at work, but why would I personally want that?”
I never could answer this question. What is the value of this feature for the smartphone owner? Thankfully, Facebook is making the case for me on this one.
Facebook Spokesperson Essentially Says: “Trust Us”
In what I can only describe as one of the most horrific (but also naively refreshing?) statements I have read in a while, businessinsider.com had this to report (my emphasis):
While it is technically possible for the Facebook app to record video and audio without your knowing, the spokesperson said Facebook won’t do that.
I realize that I haven’t even covered the details of the story, but doesn’t the above kind of make the hairs on your neck stand up, and tells you all that you need to know, regardless of the story?
I know it does to me.
It’s Google’s Fault
Eli Langer over at storify.com has a story on how people are “complaining about Android applications” for Facebook and Google Search. Namely, that these apps can use a smartphone’s “microphones and camera at any point without any confirmation.”
I wouldn’t have believed it if it weren’t for a screenshot that shows the legal language. You can find it by visiting the story, but it reads:
Record Audio: Allows the app to record audio with the microphone. This permission allows the app to record audio at any time without your confirmation.
Take Pictures and Videos: Allows the app to take pictures with the camera. This permission allows the app to use the camera at any time without your confirmation.
Now, a screenshot in the age of Photoshop means nothing. But, consider this: (1) multiple people are tweeting about it, (2) neither Mr. Langer nor businessinsider.com are not known for pulling April Fool’s day pranks in mid-May (as far as I know, that is), and (3) there is the admission by a Facebook spokesperson, which we already saw above. In fact, the full quote in the businessinsider.com article is the following:
A spokesperson for Facebook explains this [the legal language above] as follows: the language in this disclaimer comes from Google and wasn’t written up by Facebook, it’s simply how Android handles camera access. While it is technically possible for the Facebook app to record video and audio without your knowing, the spokesperson said Facebook won’t do that.
I’m on the fence whether the full passage makes the spokesperson’s statement more or less creepy. One the one hand, the “openness” and “transparency” are appreciated (even if most people wouldn’t read the legalese). On the other hand, a living, breathing person telling me that I should ignore the implications…. well, let’s just say that I’m pulling out of storage my X-Files t-shirt just for this occasion.
AlertBoot is one of the many companies that have a BYOD solution. It’s an MDM (mobile device management) service that allows one to control and manage smartphones and tablets from the cloud, and it includes features like remote data wipe, password policies, and Wi-Fi provisioning (and more, of course).
It also includes the ability to disable cameras on mobile devices. Many companies do not allow cameras in the workplace for myriad reasons, and this is how it works in AlertBoot:
- A policy is created in the online management console. For simplicity’s sake, it’ll be for disabling the camera.
- Apply it.
The policy is updated for devices, and that’s that. This works as long as the device is not jailbroken (of which the administrator will be notified).
If a regular/official/authorized version of the device’s OS is in place, the Facebook app will not be able to access the camera, period (in the event of a conflict between the app settings, “use camera,” and the AlertBoot MDM settings “camera disabled,” the latter comes out on top, as should be the case).
Of course, the “real” solution is for Google and/or Facebook to change their policies and not allow this to happen. I mean, the app can technically access your mic and camera but “it won’t happen?” Why build it, then? And why ask for permission to use it without your being aware of it?