6

My girlfriend and I are using an app that takes access of your partner's phone camera, then takes a picture and sends the image back to the requester. After fiddling with it, we are planning to launch a similar app (globally) under our own brand. But if we take 'consent' from the second party, mentioning that your partner will be able to access your smartphone camera to fetch pictures and send them back to your partner, can this raise a legal issue for us?

Andrew

1 Answer

16

Of course, remote access tools and remote administration can be legitimate. But such tools also have substantial potential for abuse. You as the app provider might have a responsibility for ensuring security and safety of your system. In particular:

  • consider whether other mechanisms are more appropriate for sharing pictures, e.g. a messenger app
  • the user should always be aware when access is active, for example by requiring user interaction for starting a session during which access is allowed, and by showing a persistent notification while access is active
  • the user should be able to withdraw access at any time
  • before starting the session, the user should be informed about potential risks so that they can give informed consent
  • the shared content should likely be protected via end-to-end encryption

Scenarios that should be impossible, or at least prevented with reasonable safeguards:

  • An attacker suspects their partner of cheating. The attacker installs a remote access tool on their partner's device and starts tracking it. Clearly, the partner being tracked will not have given consent here.
  • A “tech support” scammer tricks the victim into installing the remote access tool and uses it to guide the victim into transferring money.

Why you should care about such issues:

  • If your app enables criminal acts, and you did not take reasonable precautions to prevent this, you might have some degree of liability.
  • Apps that can be used as spy apps are likely to run afoul of the guidelines of the app stores that you would like to distribute your app through.
  • If you market your app in Europe, your app may only access information on the end user's device with the user's consent. Many of the safeguards suggested above (prior information, keeping the user fully aware of what is happening, making it easy to revoke access, no surreptitious tracking, no misleading users) are essential for obtaining valid consent. You as the app provider would need consent since you would act as the service provider / data controller.
amon
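The safeguards listed in the answer above can be enforced as a gate on the device whose camera is shared. The following is an added example, not part of the answer and not code from any real app. The class and method names, the `AccessDenied` exception and the session time limit are assumptions made for illustration.

```python
import time
from dataclasses import dataclass, field
from typing import Callable, List, Optional

class AccessDenied(Exception):
    """Raised when a remote capture request must be refused."""

@dataclass
class CameraShareSession:
    # Hypothetical owner-side gate; max_seconds is an assumed time limit.
    max_seconds: int = 600
    clock: Callable[[], float] = time.monotonic
    started_at: Optional[float] = None
    notification_visible: bool = False
    audit: List[str] = field(default_factory=list)

    def start(self, owner_tapped_start: bool, risks_acknowledged: bool) -> None:
        # Only the device owner can open a session, and only after the
        # risk notice has been shown and accepted (informed consent).
        if not (owner_tapped_start and risks_acknowledged):
            raise AccessDenied("owner interaction and informed consent required")
        self.started_at = self.clock()
        self.notification_visible = True  # persistent notification is shown
        self.audit.append("session started by owner")

    def revoke(self) -> None:
        # The owner can withdraw access at any time; this also ends the notice.
        self.started_at = None
        self.notification_visible = False
        self.audit.append("access revoked")

    def authorize_capture(self, requester: str) -> bool:
        # Every capture request is checked here; refusals are logged too.
        if self.started_at is None:
            reason = "no active session"
        elif self.clock() - self.started_at > self.max_seconds:
            self.revoke()
            reason = "session expired"
        elif not self.notification_visible:
            reason = "notification not visible"
        else:
            self.audit.append(f"capture allowed for {requester}")
            return True
        self.audit.append(f"capture denied for {requester}: {reason}")
        raise AccessDenied(reason)
```

The gate fails closed: a request outside an owner-started, visible, unexpired session is refused and recorded, which covers the covert-install scenario the answer describes.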