Zoom, The Only App With Apple's Private Camera API, Research Found

Zoom, Apple Developer

API stands for 'Application Programming Interface'. What it does, is act as a software intermediary to allow two apps to communicate with each other.

In the modern days of computing, an API can connect to the internet and sends data to a server. And when that server responds with more data, the API can interprets it, and performs all the necessary actions, before sending the output to users' phones.

API can interprets data in a way that is readable by the targeted app.

When working on Apple ecosystem, iOS developers need to work with an array of APIs to enhance their apps with different functionalities. Zoom is among the millions of apps that can be downloaded from the App Store that leverage Apple's APIs.

Zoom however, is the only third-party app that has access to the iPad Camera API, the other one being Apple's own FaceTime.

Apple allows it to have the private API, in order to give it its multitasking ability.

This was discovered by app developer Jeremy Provost, and the API in question, is called the com.apple.developer.avfoundation.multitasking-camera-access.

Zoom users must have found that when using Zoom, they can use the Split View multitasking, allowing them to run various other apps at the same time, while video-conferencing.

This is made possible through that private camera API.

When Provost asked Zoom, in response, the company said that the process for it to receive access to the API, was through an private process, and available only to those developers deemed worthy by Apple.

"For example, an app needs the HomeKit Entitlement — along with explicit user consent — to access a user’s home automation network. An app stores its entitlements as key-value pairs embedded in the code signature of its binary executable," as Apple explains it in a documentation page.

While Apple does provide public documentation about this private API, as well as the way developers should follow in order to request access to entitlements, Provost said that Apple does not provide any public process for requesting this API.

The API's existence is not even documented by Apple publicly.

Private camera API for iPad
Credit: Jeremy Provost/thinktapwork.com

On his blog post, Provost wrote that

"A few months back I was surprised to see that Zoom had somehow been able to tap into using the camera during iPad Split View multitasking. This is an obvious feature for a videoconferencing app so that you can keep one eye on your meeting while you consult notes, look at a presentation, or slack off on Twitter."

"I scoured the web and found no reference to how to enable this feature for our own iOS Zoom client, Participant for Zoom."

According to Provost, once Apple granted a developer the entitlement, the API will appear on the developer's account to add to a particular app.

While Zoom really need this API for it to allow multitasking, which is essentially useful in the 'COVID-19' coronavirus-infected world where more works are done through the internet (and video-conferencing mostly done on Zoom), the entitlement suggests that Apple may give special capabilities to certain developers, and there is nothing that can stop Apple from doing so.

There are others issues too.

"It’s understandable that this entitlement may not be appropriate for every app, or perhaps there may be ways for it to be abused. Maybe it makes sense for there to be an approval process, like with CarPlay. But it doesn’t make sense for this to be private, undocumented, and only accessible to Apple’s preferred partners."

From WhatsApp, Facebook Messenger to Microsoft Teams and anything in between. Why only Zoom has the access and not others, considering how many apps out there that offer the same features as Zoom? It seems that Apple's walled-garden is one's business to interfere.