Capture Camera

Adversaries may utilize the camera to capture information about the user, their surroundings, or other physical identifiers. Adversaries may use the physical camera devices on a mobile device to capture images or video. By default, in Android and iOS, an application must request permission to access a camera device which is granted by the user through a request prompt. In Android, applications must hold the android.permission.CAMERA permission to access the camera. In iOS, applications must include the NSCameraUsageDescription key in the Info.plist file, and must request access to the camera at runtime.

ID: T1512
Sub-techniques:  No sub-techniques
Tactic Type: Post-Adversary Device Access
Tactic: Collection
Platforms: Android, iOS
Version: 1.0
Created: 09 August 2019
Last Modified: 12 September 2019

Procedure Examples

Name Description

Concipit1248 requests permissions to use the device camera.[15]

Corona Updates

Corona Updates can take pictures using the camera and can record MP4 files.[15]


Dendroid can take pictures using the phone’s camera as well as record video.[3]


DroidJack can capture video using device cameras.[8]


Exodus Two can take pictures with the device cameras.[11]


FlexiSpy can record video.[2]


GolfSpy can record video.[14]


Monokle can take photos and videos.[12]


Pallas can take pictures with both the front and rear-facing cameras.[9]

Pegasus for Android

Pegasus for Android has the ability to take pictures using the device camera.[4]


RCSAndroid can capture photos using the front and back cameras.[5]


Skygofree can record video or capture photos when an infected device is in a specified location.[10]


SpyDealer can record video and take photos via front and rear cameras.[6]

Stealth Mango

Stealth Mango can record and take pictures using the front and back cameras.[7]


ViceLeaker can take photos from both the front and back cameras.[13]


Mitigation Description
Application Vetting

During the vetting process applications using the android permission android.permission.CAMERA, or the iOS NSCameraUsageDescription plist entry could be analyzed more closely.

Use Recent OS Version

Android 9 and above restricts access to mic, camera, and other sensors from background applications.[1]


On Android and iOS, the user can view which applications have permission to use the camera through the device settings screen, and the user can choose to revoke the permissions.