Monday, August 3, 2020

Camo 1.0

Glenn Fleishman:

The result is Reincubate’s Camo, a virtual-camera system that lets you treat the front- or rear-facing camera on your iPhone, iPad, or iPod touch as a full-fledged video source for many Mac videoconferencing, streaming, and video-editing apps. For dozens of compatible apps, Camo appears just like any camera built-in or attached to your Mac.

Unfortunately, it doesn’t work with FaceTime or Safari! However, compared to competing apps, like Kinomi’s EpocCam, which has been blocked by some Mac videoconferencing services, Camo has much wider support.

[…]

Some other meeting apps, like Amazon Chime, Cisco WebEx, and Microsoft Skype and Teams; collaborative team discussion software, such as Discord and Slack; and several other packages require Camo to strip a security setting from the app. Specifically, Camo has to remove the app’s signature designed to let macOS know if the app has been modified. Once you grant your permission and enter an administrative password, Camo makes a modification in how the app handles video that allows the use of its virtual camera.

Previously:

5 Comments RSS · Twitter


This is só useful it will be Sherlocked in a coming iOS version


The last quoted paragraph above (“Specifically, Camo has to remove…”) is rather humorous to read. If Camo were instead held in ill repute, it would read as a classic black-hat “social engineering” script. (Translation: “you must expressly defeat the host app's integrity protection in order to allow this third-party app to patch it in an undisclosed manner.”)


This is só useful it will be Sherlocked in a coming iOS version

Yeah.

Which, OTOH: fair. It’s an obvious extension of the earlier Continuity Camera feature (from… Mojave-ish?).

On the other hand, it’s a bummer that macOS is increasingly moving into the iOS space where third parties have no chance at all to extend the system in unsanctioned ways.

Which leads to the bizarre below situation:

The last quoted paragraph above (“Specifically, Camo has to remove…”) is rather humorous to read.

Yeah. It’s not clear to me from https://reincubate.com/support/camo/camo-faq/#camo-integration what exactly it is they do. Inject a library at runtime? Patch a binary?


Disclaimer - I'm one of the founders of Reincubate, the maker of Camo.

In answer to the question about removing the app signature it's due to something called Library Validation (https://developer.apple.com/documentation/bundleresources/entitlements/com_apple_security_cs_disable-library-validation). In short, third party plugins are only allowed to access certain APIs if they are either signed with Apple's own digital certificate or the digital certificate of the vendor of the application. Since we have to sign Camo with our own Developer ID this means macOS software which uses Library Validation wouldn't be able to see Camo. More info at

The solution in the short term is what's known as stripping the code signing signature, which tells macOS to ignore the library validation. In the long term the proper solution is for the developer of the software to disable library validation (it's not a security risk if this is done only for the specific library which handles video). It's worth noting this problem isn't unique to us - it affects everyone who builds or uses video plugins.

We've worked with a number of vendors such as Zoom and Cisco to update their software in this way and we also build automatic stripping into Camo for apps where the vendor hasn't been able or willing to make this change.


@Andrew Thanks for explaining!

Leave a Comment