Although the discussion has moved on, I think it’s still helpful to emphasize a few aspects of the way OverSight works. First off, it doesn’t automatically block* an attempt to eavesdrop via the built-in mic or camera, it only monitors their activation. Once it detects access or activation, it offers the option to block this via a notification that requires user input to be executed.
Second, in order to perform its monitoring, it uses APIs that may be bypassed, which in turn allows for ways to disable OverSight. In this respect OverSight’s documentation states:
As with any security tool, direct or proactive attempts to specifically bypass OverSight's protections will likely succeed. Moreover, the current version over OverSight utilizes user-mode APIs in order to monitor for audio and video events. Thus any malware that has a kernel-mode or rootkit component may be able to access the webcam and mic in an undetected manner.
In conclusion, OverSight is a useful but limited tool. The taping off of both cam and mic will help, assuming the resultant signal attenuation (especially of the audio portion) is sufficient. How to do this reliably and durably with mobile devices is another question. Here too (the blocking of) eavesdropping via audio may be the greater issue. And from a larger privacy point of view, one should not forget that users can be followed in ways that are beyond the reach of OverSight to affect.
* Monitoring results may be used to trigger events other than a simple notification, but those events are as yet not implemented.
