After years of work by Apple and Google to ensure that no app on your phone can turn on its cameras without you knowing it, the company behind the chipsets in most Android smartphones now wants to keep the front camera on all the time.
Qualcomm announced this “always-on camera” feature as a component of the new Snapdragon 8 Gen 1, a mobile chip platform that will ship in some smartphones by the end of the year, at its Snapdragon Tech Summit in Waimea, Hawaii. And executives with that San Diego company want you to welcome this lidless electronic eye as a privacy upgrade.
“We have a vision for the always-on camera to enhance privacy and security,” said Judd Heape, a product-management vice president, in a keynote on Tuesday afternoon. “By having a camera always on, we can make sure you’re always in front of the camera and in charge of the content.”
For example, he explained, a phone with this feature enabled could lock the screen automatically if the user’s face has suddenly vanished from view—because a thief has grabbed the device. It could blank the screen if it detects a second face appears behind you–a sign of a shoulder-surfing attempt–but only hide your notifications if a second face pops up next to you, on the assumption that you’re trying to share a photo, video or some other morsel of content.
And if you love to cook but don’t like having your phone lock automatically once your fingertips are coated in too much flour or butter to use a fingerprint sensor, the always-on camera can keep the phone’s screen open for you as long as you glance at it often enough.
[pullquote]The always-on camera feature will represent yet another potential target for attackers.[/pullquote]But early reactions, including some skeptical feedback from journalists, suggest the always-on camera instead could be a plot point in a dystopian Dave Eggers novel about Big Tech. It’s not hard to understand why–especially if you ponder how often you glance at your phone while on a toilet or just after you get out of a shower.
As PCMag’s Sascha Segan put it during a Q&A session on Wednesday: “Every non-technical person I’ve mentioned this to is completely freaked out by it.”
Qualcomm’s response so far has been to point to the locked-down nature of the Sensing Hub on the Gen 1 chipset that handles this task.
“We know that this is going to create some anxiety,” Heape said in an interview Tuesday before launching into an explanation of how Sensing Hub is isolated from the rest of the Snapdragon chipset and any other applications.
“The data never leaves this part of the chip,” he said. “There’s just a slight bit of local memory that is used while the face is processed, then that cache is basically flushed.”
Heape added that this low-powered system only does facial detection, not recognition. Unlike systems like Apple’s Face ID or Microsoft’s Windows Hello, it does not attempt detailed biometric matching. He did not, however, demo the always-on camera for me.
The always-on camera feature will represent yet another potential target for attackers, complicating a smartphone security scenario already tangled with adversaries and assets. As Saritha Sivapuram, a Qualcomm senior director of product management, acknowledged in an interview Wednesday: “The threat model itself has increased significantly.”
As Apple’s recent lawsuit against the Israeli spyware firm NSO Group spotlights, sufficiently determined and capable attackers can already take over a phone’s camera remotely. In the same interview, Sivapuram’s colleague Asaf Shen offered a caveat common among realistic security professionals: “Well-funded government organizations will always find a way.”
‘It goes down to convenience’
Two industry analysts (and Fast Company contributors) at the conference suggested that if the always-on camera actually saves people time or embarrassment, they won’t obsess over potential downsides.
“There’s been some precedent,” said Ross Rubin, founder and principal analyst with Reticle Research, who likened the technology to its audio equivalent in products such as Amazon’s Alexa speaker. “Many people have devices in the homes with always-on microphones.”
He also cited Samsung’s ‘Smart Stay,’ which used the camera to keep the phone on if it sensed you were looking at it—but without its own fortified hardware to keep the feature secure.
“Be transparent as to what is the camera able to see, who gets access to that information, and what you do with it,” she said. After that, she added: “I think it goes down to the convenience.”
(Heape said Tuesday that “a few” will enable the always-on camera but did not name them; Qualcomm’s announced list of companies shipping phones based on the Snapdragon 8 Gen 1 includes Motorola, OnePlus, and Sony but not yet Android smartphone kingpin Samsung.)
Both analysts offered rebranding advice to clarify that the always-on camera doesn’t record or remember. Rubin suggested “always-active,” while Milanesi preferred “always-ready.”
Milanesi also suggested that one particular smartphone company that definitely won’t use Qualcomm’s Snapdragon 8 Gen 1 might have better luck with a feature like this.
“For Apple, it might be easier,” she said. “If they rolled something like this out, you’re already talking to a base that believes that Apple is pro-security and pro-privacy.”
But whatever the brand name on a future phone incorporating Qualcomm’s always-on camera, history suggests that a lot of people will take the opportunity to save a tiny bit of time on a regular basis as they use their phones.
As Rubin put it: “Very often, we hear about technologies that sound as if they have a lot of potential for abuse, and yet they are accepted and they become very mainstream.”
(Disclosure: Qualcomm paid for my lodging and airfare, along with the travel costs of most of the journalists and analysts covering this invitation-only event.)