A new vulnerability has been found in the Camera apps for millions, if not hundreds of millions, of Android devices that could allow other apps to record video, take pictures, and extract GPS data from media without having the required permissions to do so. The vulnerability, known as CVE-2019-2234, is known to affect the Google Camera and Samsung Camera apps if they have not been updated since before July 2019. This vulnerability is quite dangerous as it could allow apps that normally do not have permission, to take pictures and videos even if the phone is locked or the screen is off.
Source: https://www.bleepingcomputer.com/news/security/android-camera-app-bug-lets-apps-record-video-without-permission/