x PhoneArena is looking for new authors! To view all available positions, click here.
  • Home
  • News
  • Android apps are able to take photos and store them on a server without the user noticing anything

Android apps are able to take photos and store them on a server without the user noticing anything

Posted: , by Luis D.

Tags:

Android apps are able to take photos and store them on a server without the user noticing anything
Computer scientist and blogger Szymon Sidor has exposed a loophole in Android that lets creative hackers spy on users through their devices' cameras without the victims noticing anything. There are apps on the Play Store that try to take photos without alerting the user, but all of them require visible app activity and the phone screen to be turned on. In the name of computer science, Sidor tried to see how far down the rabbit hole of spying apps can go.

Knowing that using the camera on Android to take photos and record video requires a preview to be displayed on screen, but it doesn't require background services to have visible activity, he wrote a crafty little camera app for the Nexus 5. It creates a View object sized precisely 1 by 1 pixel, and feeds video preview from the front or rear camera to it. This miniscule pixel makes it possible to take photos even when the Nexus 5's display is turned off by the user. It's virtually impossible to notice its presence, as there are approximately 445 pixels per every inch of the smartphone's display.

In short, Sidor concludes that Android apps are able to take photos without alerting the user, showing themselves in the list of installed applications, and able to send photos over the Internet to a private server. The scientist has published a proof-of-concept video, which renders the discovery even more disturbing. Thanks to the quality of the photos and embedded location data, attackers are able to see both what you're doing and where you're doing it. Hopefully, Google is on the case.


source: Snacks for your mind

33 Comments
  • Options
    Close




posted on 22 May 2014, 04:59 7

1. Lt.Green (Posts: 342; Member since: 13 Mar 2014)


Sh!t just got real.

posted on 22 May 2014, 08:12

18. engineer-1701d (Posts: 536; Member since: 13 Mar 2014)


if you are rooted then this is not a problem by limiting the permissions on the app. but all newer phones do this all platforms. just like remote pc turning on your camera and seeing whats going on around you, or if phone is lost turning on camera and take a pic of people who stole it.

posted on 22 May 2014, 09:56

26. networkdood (Posts: 6260; Member since: 31 Mar 2010)


Just get App OPS

posted on 22 May 2014, 20:32

32. 0xFFFF (Posts: 2416; Member since: 16 Apr 2014)


The sad thing is that there still is some herd of rabid fanboys who attack people who want rootable phones.

posted on 22 May 2014, 09:45 1

25. RaKithAPeiRiZ (Posts: 1308; Member since: 29 Dec 2011)


Windows PCs already infected with this hack , the backdoors are built in , it gets activated once a virtual handshake takes place , it takes screenshots at random and sends them to remote servers once you establish a network connection

posted on 22 May 2014, 05:11

2. xeonfire (Posts: 17; Member since: 15 Feb 2014)


Invasion of the pixel kind...

posted on 22 May 2014, 05:15 1

3. vincelongman (Posts: 1006; Member since: 10 Feb 2013)


This is why OEMs need to start using the Snapdragon 200 instead of the 800, that way the phone would lag if an app tries to covertly record anything

Jokes, aside this does shows the downside of Android being very open and dev friendly

posted on 22 May 2014, 05:36

4. ShenAlJoker (Posts: 86; Member since: 19 Jul 2013)


Where are the fandroids??????????????

posted on 22 May 2014, 06:01 5

6. RebelwithoutaClue (Posts: 556; Member since: 05 Apr 2013)


No worries here, since I use Appops X to limit apps I have installed. Besides that, I hardly install new apps and the ones I do have, I trust. But besides that, good thing this is discovered and hopefully Google will tackle this issue. Taking secret pics are already used by certain anti-theft apps.

posted on 22 May 2014, 07:19 1

16. Whateverman (Posts: 3187; Member since: 17 May 2009)


Why do you care???????????

posted on 22 May 2014, 08:19 2

20. boosook (Posts: 927; Member since: 19 Nov 2012)


Here's one. I don't see the problem... does the app require the permission to take pictures? You know it can do it. Does the app require internet access? Of course it can take pictures and then upload them to a server.
Is this a security flaw? And if yes, why? When you install an application on your Windows or Mac laptop, it could turn on the webcam and microphone and send everything to a server. That's why integrated webcams have a lens cover... but you can't do anything for the microphone, and you would need a firewall to block unwanted internet connection... and so where is the problem? When you install an application, unless it's open source, you don't know what it really does. At least, on Android, you can decide yourself if the hardware permissions that an app asks for are adequate for the task it has to perform.

posted on 22 May 2014, 08:28 1

23. Scott93274 (Posts: 634; Member since: 06 Aug 2013)


Calm down buddy, he's just looking for anything to upset Android users because he's upset that the Microsoft brand is valued nearly $70 Billion below Google.

posted on 22 May 2014, 09:56

27. networkdood (Posts: 6260; Member since: 31 Mar 2010)


damn, I did not know that MS dropped that low..

posted on 22 May 2014, 11:21

30. noler (Posts: 164; Member since: 19 Aug 2013)


You are lucky that Google sends you money, MS do not send me anything :(

posted on 22 May 2014, 05:52 6

5. Anshulonweb (Posts: 292; Member since: 07 Feb 2014)


still not more dangerous and risk as apple collecting fingerprints....

posted on 22 May 2014, 06:04 2

8. RebelwithoutaClue (Posts: 556; Member since: 05 Apr 2013)


Fingerprints are stored on a local encrypted chip and aren't send to Apple.

posted on 22 May 2014, 06:34 5

13. Edward_bly (Posts: 184; Member since: 11 Dec 2013)


How the heck would you know?

posted on 22 May 2014, 07:16

15. RebelwithoutaClue (Posts: 556; Member since: 05 Apr 2013)


http://www.cnet.com/news/sen-franken-questions-privacy-of-iphone-5s-fingerprint-scanner/

It has been a privacy concern for many websites/people and written about many times

posted on 22 May 2014, 08:15

19. engineer-1701d (Posts: 536; Member since: 13 Mar 2014)


who do people care about fingerprint and pics being taking, nsa and the gov have your info and pics and video all the time every atm has a cam and traffic light and on top of that, all it takes is a bad person to take your bank account number and soc, and bye bye money and your life this is the least of peoples problems unless your doing something your not supposed to do,.

posted on 22 May 2014, 09:10

24. RebelwithoutaClue (Posts: 556; Member since: 05 Apr 2013)


I disagree, you might not be interesting as an individual, but as a group, normal harmless people might be a 'threat'. The NSA has the perfect tool to keep close watch on groups of people disagreeing with the government or just social unrest. Which might escalate in something bigger, the government hasn't control over. But they can keep tabs on key people, controlling them via information,pressuring them for instance. This way the powers that be, will stay in control.

posted on 22 May 2014, 06:01

7. apple4never (Posts: 931; Member since: 08 May 2013)


wow lol, time to duck tape my cameras till i have to use it

posted on 22 May 2014, 06:06 3

9. xondk (Posts: 50; Member since: 25 Mar 2014)


Pretty sure said app still needs to have camera privileges soo if it asks for them, you know it can take pictures, don't get shady apps that ask for a million privileges to do seemingly very little. *coughfacebookcough*

posted on 22 May 2014, 06:14 1

10. My1cent (Posts: 10; Member since: 30 Jan 2014)


Check "Data usage" to see list of every app that sending data via internet may help you find a suspicious app.

posted on 22 May 2014, 06:23

11. totex71 (Posts: 6; Member since: 19 Feb 2014)


Nothing new here..

posted on 22 May 2014, 06:33 1

12. Edward_bly (Posts: 184; Member since: 11 Dec 2013)


With the technology today anyone can find out out almost anything. Truth is I don't care, I'm not afraid.

posted on 22 May 2014, 06:58 1

14. AfterShock (Posts: 2512; Member since: 02 Nov 2012)


Not concerned.

posted on 22 May 2014, 08:20

21. TheGenius (Posts: 287; Member since: 06 Mar 2014)


Myappsharer by jones chi
Its available for free on playstore.

posted on 22 May 2014, 08:25 1

22. boosook (Posts: 927; Member since: 19 Nov 2012)


Oh, please... not again! Yes, applications can do all sort of things, it has happened for 40 years, and so it will be in the future... what's the problem? The app asks for camera and internet access permissions, and once you grant them, why should you be asked again every time the app needs to perform its work?
Those kind of alerts are from people used to how iOS works. So they think it's a security issue, while the problem is just that they "think iOS". In iOS, you don't know what permissions an app requires before installing it. Instead, you are asked every time. On Android it's different, but not a security flaw. You look at the permissions you are granting to the application and decide if they fit the task. You know before installation the permissions an application is requiring and decide to install or not.
An application can usually do whatever it wants, once you grant a permission, but I really don't understand why this is considered a problem only on Android. It's just FUD and I'd like to know who pays these researchers.

posted on 22 May 2014, 10:00

28. networkdood (Posts: 6260; Member since: 31 Mar 2010)


Here is the source link to the P.A. article:
http://snacksforyourmind.blogspot.com/2014/05/exploring-limits-of-covert-data.html

It really is not a big deal - but, I suppose some will be all up in arms...it is really just using common sense.
Keep in mind that the reason smartphones/devices are popular is that the media and the govt want them popular, so that you are easier to track. There are ways to limit the information that gets out of your smartphone, but not entirely.
If this bothers you, then stop using a smartphone...

posted on 22 May 2014, 10:53

29. wilsong17 (Posts: 777; Member since: 10 Mar 2013)


Wow stupid I have cerberus install in my phone I can command to take pic and videos and send it to my email remotely

posted on 22 May 2014, 13:08 1

31. garlic456 (Posts: 151; Member since: 24 Dec 2012)


I think facebook can be doing this. When you look at the task manager, facebook uses nearly one fifth of the cpu. Also people working in federal inteligences of a country aren't allowed to use the facebook application (they can still use the internet).

posted on 20 Jun 2014, 03:42

33. pradhuman (Posts: 7; Member since: 26 Dec 2013)


you guys must check bit.ly/spymycell_android_app its free for 15 days you can spy any android phone's data

* Some comments have been hidden, because they don't meet the discussions rules.

Want to comment? Please login or register.

Latest stories