TransWikia.com

How to check if Android app is taking pictures in the background?

Android Enthusiasts Asked by Cmazay on October 29, 2021

I have an Android app that I found to be loading the camera in the background.
It’s one of the most widely used internet browsers – Chrome.

I have been trying to debug what is actually happening with LogCat in the Android Device Monitor.
A couple of lines that caught my eye:

I/CameraManagerGlobal(24529): getCameraService: Reconnecting to camera service
I/CameraService(331): getCameraCharacteristics: Switching to HAL1 shim implementation...
I/NuPlayer(331): setDataSourceAsync(URL suppressed)
I/CameraClient(331): Opening camera 1
E/QCamera2HWI(331): [KPI Perf] int qcamera::QCamera2HardwareInterface::openCamera(hw_device_t**): E PROFILE_OPEN_CAMERA camera id 1
I/QCameraHalWatchdog(331): Starting Watchdog Thread...
E/mm-camera-intf(331): mm_camera_open: dev name = /dev/video2, cam_idx = 2
D/QCameraParameters(331): int32_t qcamera::QCameraParameters::initDefaultParameters(): supported pic sizes: 1280x960,1280x720,640x480,352x288
D/QCameraParameters(331): int32_t qcamera::QCameraParameters::setNumOfSnapshot(): nBurstNum = 1, nExpnum = 1
I/QCameraHalWatchdog(331): Stopped Watchdog Thread...
I/CameraClient(331): Destroying camera 1
E/QCameraPostProc(331): int32_t qcamera::QCameraPostProcessor::deinit(): Jpeg closed, rc = 0, mJpegClientHandle = 7900

How would I know if a picture is actually taken?

Is this possibly normal behavior to check camera availability?

One Answer

Checking if one or more camera devices are available is not as unusual as it seems; it is often used to check whether camera options should be shown or not. It also seems unlikely that an attacker/spy would generate log output that could reveal their intention. However, opening the camera as shown in your log seems suspicious and you should investigate it further. My suggestions:

  • If you have some strings or class names, you can search further in the open source of "Chrome for Android" (see this post for where to find the code) and check where the strings are used in the code. Maybe you can identify the calls and imports to the Camera API and check how they are used. Depending on the Android version the imports may vary, but here are some examples for the Camera2 API to look out for:

    • "android.hardware.camera2.CameraManager"
    • "android.hardware.camera2.CaptureRequest"
    • "android.hardware.camera2.CameraCaptureSession"
  • If you want to dig deeper, I would recommend hooking certain API calls with tools like Frida or RMS. These tools allow you to hook Java calls when they are executed, and you can log some more output if necessary. So you could actually hook the Java camera API and see if a picture was taken. In case you have built the code yourself, you can also attach the debugger and set breakpoints to stop the code at certain states.

  • It sounds weird, but one of the fastest ways is maybe to ask the developers of Chrome for Android (embedded Chromium) directly why they are using the camera and where in the code. Maybe you can open a new discussion on the official project webpage to ask the devs to have a look at it.

Answered by Me7e0r on October 29, 2021
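
As an added illustration (not part of the original answer, and not Chrome or Android code), this Python script pairs the CameraClient "Opening"/"Destroying" lines from the question's log into sessions and collects any capture-related lines logged in between. The CAPTURE_HINT pattern and the use of the last CameraManagerGlobal PID as the requesting app are assumptions.

```python
import re

# Log lines copied from the question (logcat "brief" format: P/Tag(PID): message).
SAMPLE = """\
I/CameraManagerGlobal(24529): getCameraService: Reconnecting to camera service
I/CameraClient(331): Opening camera 1
E/QCamera2HWI(331): [KPI Perf] int qcamera::QCamera2HardwareInterface::openCamera(hw_device_t**): E PROFILE_OPEN_CAMERA camera id 1
D/QCameraParameters(331): int32_t qcamera::QCameraParameters::setNumOfSnapshot(): nBurstNum = 1, nExpnum = 1
I/CameraClient(331): Destroying camera 1
E/QCameraPostProc(331): int32_t qcamera::QCameraPostProcessor::deinit(): Jpeg closed, rc = 0, mJpegClientHandle = 7900
"""

LINE = re.compile(r"^[VDIWEF]/([^(]+)\(\s*(\d+)\):\s?(.*)$")
OPEN = re.compile(r"^Opening camera (\d+)$")
CLOSE = re.compile(r"^Destroying camera (\d+)$")
# Assumption: capture-related messages contain one of these words; HAL log
# wording differs between vendors, so adjust for the device under test.
CAPTURE_HINT = re.compile(r"takePicture|capture", re.IGNORECASE)

def camera_sessions(text):
    """Pair CameraClient open/destroy lines and summarise what ran in between."""
    sessions, active, last_client = [], {}, None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        tag, pid, msg = m.group(1).strip(), int(m.group(2)), m.group(3)
        if tag == "CameraManagerGlobal":
            last_client = pid  # assumption: app-side process requesting the camera
        if tag == "CameraClient" and (o := OPEN.match(msg)):
            active[o.group(1)] = {"camera": o.group(1), "client_pid": last_client,
                                  "service_pid": pid, "closed": False,
                                  "capture_hints": []}
            continue
        if tag == "CameraClient" and (c := CLOSE.match(msg)):
            s = active.pop(c.group(1), None)
            if s:
                s["closed"] = True
                sessions.append(s)
            continue
        for s in active.values():
            if s["service_pid"] == pid and CAPTURE_HINT.search(msg):
                s["capture_hints"].append(f"{tag}: {msg}")
    sessions.extend(active.values())  # sessions still open at end of log
    return sessions

if __name__ == "__main__":
    for s in camera_sessions(SAMPLE):
        print(s)
```

An empty capture_hints list only means no matching line was logged; it does not prove that no picture was taken. The client_pid value can be compared with `adb shell ps` output to confirm which app it belongs to.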
