The bug was first noticed by privacy-minded Twitter users earlier this week. Here's what it looks like in action:
Found a @facebook #security & #privacy issue. When the app is open it actively uses the camera. I found a bug in the app that lets you see the camera open behind your feed. Note that I had the camera pointed at the carpet. pic.twitter.com/B8b9oE1nbl— Joshua Maddux (@JoshuaMaddux) November 10, 2019
Facebook's vice president of integrity Guy Rosen addressed the bug in a series of tweets after it was reported by Business Insider and other outlets Tuesday. Rosen said the bug was the result of a recent patch, and that Facebook has "no evidence of photos/videos uploaded due to this."
We’re submitting a fix for this to the App Store today.— Guy Rosen (@guyro) November 12, 2019
Business Insider confirmed that the bug is reproducible with version 246.0 of the Facebook app on an iPhone running iOS 13.2.2. It's seemingly triggered when a user clicks on an ad and then rapidly clicks away, or opens a different users' profile picture and rapidly swipes down.
It's not clear whether the rear-facing camera is always on when users open the Facebook app or if the bug is triggering a shortcut to quickly open the camera. The Facebook app opens the front-facing camera when users tap the "Go Live" button, and opens the rear-facing camera if users navigate to their stories page and then click the camera icon — this screen is more than one step away from the newsfeed.
While it's likely a bug, the issue raises questions regarding Facebook users' privacy, especially since there's no obvious notification that the Facebook app is accessing the rear-facing camera when it appears.