Just noticed this when surfing while drinking the morning coffee; I’ve never gotten this notification when visiting any website in the past, and this is my first time ever opening up oneplus’ homepage… (oneplus dot net - /fi & /se to be exact)
Even tho camera access is disabled for the browsers in Android settings, it takes the Xposed module XPrivacyLua to block the request?
Wth? Circumventing the standard Android access settings here?
Now I tested this with a bunch of browsers and with different ua strings, and after a quick check using Firefox and IceCat I didn’t get this alert.
Each browser has its own WebKit to call those functions. I would imagine the website has inconsistent implementations for detecting the browser UA and/or calling the corresponding functions to each browsers webkit.
While I prefer oneplus for the hardware and 3rd party support, I wouldn’t doubt they’re just like google/microsoft/apple/samsung… in regards to not respecting user choice and privacy. Their own software is probably capable of ignoring settings just like windows or touchwiz.
I get these notices all the time on different websites. Both FF and Chrome. I’m using lineage on an op3t.
Well I’m on an Xperia X with Paranoid Android so OnePlus software overriding the settings is out of the equation, I’m still wondering why Firefox (& IceCat) are unaffected tho.
All I can think of is if the Android apps require the same linux capabilities to run as in linux then yea, chrome and derivatives can override user settings since they require the CAP_SYS_ADMIN capability, whereas firefox doesn’t (Firefox Focus ignored the settings too tho).
I’m still tripping balls lol, I understand that scetchy sites are one thing, but regardless of the spying OnePlus has done in the past, their website still trying to force webcam access sounds like something to write in the news.
Welp, just got home and had to try this out on the laptop and sure nuf, the Oneplus homepage tries to read your webcam even tough you’re not giving it permission, kek
These kinds of alerts pop up when accessing the op site with Chromium and Firefox running in an unprivileged sandbox.
Well it sure is interesting that despite denying access, the browsers are still able to poll the cam without user consent, both on Android & the desktop.
WebView based Android browsers don’t even have the necessary permissions to grant to begin with.