Bug 2018158 - disabling camera and microphone access doesn't disable either
Summary: disabling camera and microphone access doesn't disable either
Alias: None
Product: Fedora
Classification: Fedora
Component: gnome-control-center
Version: 37
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: gnome-sig
QA Contact: Fedora Extras Quality Assurance
Whiteboard: https://ask.fedoraproject.org/t/commo...
Depends On:
Blocks: F35FinalBlocker
TreeView+ depends on / blocked
Reported: 2021-10-28 11:41 UTC by Kamil Páral
Modified: 2023-03-17 14:26 UTC (History)
8 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2023-03-17 14:26:23 UTC
Type: Bug

Attachments (Terms of Use)
disabled camera in Settings (32.35 KB, image/png)
2021-10-28 11:42 UTC, Kamil Páral
no flags Details
disabled microphone in Settings (33.57 KB, image/png)
2021-10-28 11:42 UTC, Kamil Páral
no flags Details

System ID Private Priority Status Summary Last Updated
GNOME Gitlab GNOME gnome-control-center issues 741 0 None opened Clarify that disabling camera doesn't apply to built-in applications 2022-05-17 13:11:34 UTC

Description Kamil Páral 2021-10-28 11:41:32 UTC
Description of problem:
In GNOME Settings -> Privacy, there are tabs "Microphone" and "Camera". In each of them, you can disable those devices and you'll see the following message:

* Microphone is turned off *
No applications can record sound.

* Camera is turned off *
No applications can capture photos or videos.

However, even if you do that, it doesn't seem to have any effect. If you run Cheese, you can capture photos and videos (including sound) from your camera just fine. Similarly, if you install gnome-sound-recorder, you can record your voice also without issues.

Those options in GNOME Settings seem misleading at best. Users might be relying on those messages to think they're safe from any snooping applications, while they are not.

Version-Release number of selected component (if applicable):
(F35 Workstation Live RC1.2)

How reproducible:

Steps to Reproduce:
1. in gnome-control-center, go to Privacy->Sound/Camera and disable both
2. run Cheese, see that it can record video+sound
3. run gnome-sound-record, see that it can record sound

Additional info:
If you don't disable Camera and Microphone options, there is a box saying "No Applications Have Asked for Camera Access". That also doesn't reflect the apps accessing the devices.

I had a feeling that this might be broken for a long time, so I booted F30 Workstation Live in a VM, and I can reproduce the same issue even in F30.

Comment 1 Kamil Páral 2021-10-28 11:42:04 UTC
Created attachment 1837958 [details]
disabled camera in Settings

Comment 2 Kamil Páral 2021-10-28 11:42:11 UTC
Created attachment 1837959 [details]
disabled microphone in Settings

Comment 3 Kamil Páral 2021-10-28 11:45:03 UTC
This could be possibly considered a broken basic functionality of gnome-control-center under:
"All applications that can be launched using the standard graphical mechanism after a default installation of Fedora Workstation on the x86_64 architecture must start successfully and withstand a basic functionality test. "

Proposing for a discussion.

Comment 4 Zbigniew Jędrzejewski-Szmek 2021-10-28 14:09:17 UTC
I can confirm the issue. The gnome-settings setting has no effect whatsoever on cheese.

FWIW, I think this violates user expectations and should be fixed. Since it's apparently not a regression,
I'm not convinced it should be treated as a blocker though.

Comment 5 Ben Cotton 2021-10-28 18:10:01 UTC
In today's Go/No-Go meeting, we agreed that this is not a blocker as it exceeds our definition of "basic functionality"

Comment 6 Michael Catanzaro 2021-11-02 20:39:38 UTC
Please understand: the design of System Settings panels assumes all applications are installed as flatpaks. This might be bad design, but anything that is installed via RPM could simply ignore whatever permissions you set in System Settings, so attempting to restrict their permissions would be futile.

Comment 7 Kamil Páral 2021-11-03 08:32:24 UTC
Michael, thanks for explanation. It's definitely bad design, and misleading, because it says "**No applications** can ...". I'll file an upstream bug.

Comment 8 Ben Cotton 2022-11-29 17:11:48 UTC
This message is a reminder that Fedora Linux 35 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 35 on 2022-12-13.
It is Fedora's policy to close all bug reports from releases that are no longer
maintained. At that time this bug will be closed as EOL if it remains open with a
'version' of '35'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, change the 'version' 
to a later Fedora Linux version.

Thank you for reporting this issue and we are sorry that we were not 
able to fix it before Fedora Linux 35 is end of life. If you would still like 
to see this bug fixed and are able to reproduce it against a later version 
of Fedora Linux, you are encouraged to change the 'version' to a later version
prior to this bug being closed.

Comment 9 Kamil Páral 2022-12-01 11:35:41 UTC
This should now be fixed upstream in these two MRs:

and should be part of Fedora 38 or possibly a Fedora 37 update. Let's keep this open until we can verify the fix.

Comment 10 Kamil Páral 2023-03-17 14:26:23 UTC
This is now much better in Fedora 38. You still need to read the fine text and know what a sandboxed app is, but if you do, it's much clearer now. I'll close this.

Note You need to log in before you can comment on or make changes to this bug.