Android apps are able to take photos and store them on a server without the user noticing anything

Computer scientist and blogger Szymon Sidor has exposed a loophole in Android that lets creative hackers spy on users through their devices' cameras without the victims noticing anything. There are apps on the Play Store that try to take photos without alerting the user, but all of them require visible app activity and the phone screen to be turned on. In the name of computer science, Sidor tried to see how far down the rabbit hole of spying apps can go.

Knowing that using the camera on Android to take photos and record video requires a preview to be displayed on screen, but it doesn't require background services to have visible activity, he wrote a crafty little camera app for the Nexus 5. It creates a View object sized precisely 1 by 1 pixel, and feeds video preview from the front or rear camera to it. This miniscule pixel makes it possible to take photos even when the Nexus 5's display is turned off by the user. It's virtually impossible to notice its presence, as there are approximately 445 pixels per every inch of the smartphone's display.

In short, Sidor concludes that Android apps are able to take photos without alerting the user, showing themselves in the list of installed applications, and able to send photos over the Internet to a private server. The scientist has published a proof-of-concept video, which renders the discovery even more disturbing. Thanks to the quality of the photos and embedded location data, attackers are able to see both what you're doing and where you're doing it. Hopefully, Google is on the case.


source: Snacks for your mind