Description of problem:
In GNOME Settings -> Privacy, there are tabs "Microphone" and "Camera". In each of them, you can disable those devices and you'll see the following message:
* Microphone is turned off *
No applications can record sound.
* Camera is turned off *
No applications can capture photos or videos.
However, even if you do that, it doesn't seem to have any effect. If you run Cheese, you can capture photos and videos (including sound) from your camera just fine. Similarly, if you install gnome-sound-recorder, you can record your voice also without issues.
Those options in GNOME Settings seem misleading at best. Users might be relying on those messages to think they're safe from any snooping applications, while they are not.
Version-Release number of selected component (if applicable):
(F35 Workstation Live RC1.2)
Steps to Reproduce:
1. in gnome-control-center, go to Privacy->Sound/Camera and disable both
2. run Cheese, see that it can record video+sound
3. run gnome-sound-record, see that it can record sound
If you don't disable Camera and Microphone options, there is a box saying "No Applications Have Asked for Camera Access". That also doesn't reflect the apps accessing the devices.
I had a feeling that this might be broken for a long time, so I booted F30 Workstation Live in a VM, and I can reproduce the same issue even in F30.
Created attachment 1837958 [details]
disabled camera in Settings
Created attachment 1837959 [details]
disabled microphone in Settings
This could be possibly considered a broken basic functionality of gnome-control-center under:
"All applications that can be launched using the standard graphical mechanism after a default installation of Fedora Workstation on the x86_64 architecture must start successfully and withstand a basic functionality test. "
Proposing for a discussion.
I can confirm the issue. The gnome-settings setting has no effect whatsoever on cheese.
FWIW, I think this violates user expectations and should be fixed. Since it's apparently not a regression,
I'm not convinced it should be treated as a blocker though.
In today's Go/No-Go meeting, we agreed that this is not a blocker as it exceeds our definition of "basic functionality"
Please understand: the design of System Settings panels assumes all applications are installed as flatpaks. This might be bad design, but anything that is installed via RPM could simply ignore whatever permissions you set in System Settings, so attempting to restrict their permissions would be futile.
Michael, thanks for explanation. It's definitely bad design, and misleading, because it says "**No applications** can ...". I'll file an upstream bug.