Android apps are able to take photos and store them on a server without the user noticing anything

Android apps are able to take photos and store them on a server without the user noticing anything
Computer scientist and blogger Szymon Sidor has exposed a loophole in Android that lets creative hackers spy on users through their devices' cameras without the victims noticing anything. There are apps on the Play Store that try to take photos without alerting the user, but all of them require visible app activity and the phone screen to be turned on. In the name of computer science, Sidor tried to see how far down the rabbit hole of spying apps can go.

Knowing that using the camera on Android to take photos and record video requires a preview to be displayed on screen, but it doesn't require background services to have visible activity, he wrote a crafty little camera app for the Nexus 5. It creates a View object sized precisely 1 by 1 pixel, and feeds video preview from the front or rear camera to it. This miniscule pixel makes it possible to take photos even when the Nexus 5's display is turned off by the user. It's virtually impossible to notice its presence, as there are approximately 445 pixels per every inch of the smartphone's display.

In short, Sidor concludes that Android apps are able to take photos without alerting the user, showing themselves in the list of installed applications, and able to send photos over the Internet to a private server. The scientist has published a proof-of-concept video, which renders the discovery even more disturbing. Thanks to the quality of the photos and embedded location data, attackers are able to see both what you're doing and where you're doing it. Hopefully, Google is on the case.


source: Snacks for your mind

FEATURED VIDEO

33 Comments

1. Lt.Green

Posts: 397; Member since: Mar 13, 2014

Sh!t just got real.

18. engineer-1701d unregistered

if you are rooted then this is not a problem by limiting the permissions on the app. but all newer phones do this all platforms. just like remote pc turning on your camera and seeing whats going on around you, or if phone is lost turning on camera and take a pic of people who stole it.

26. networkdood

Posts: 6330; Member since: Mar 31, 2010

Just get App OPS

32. 0xFFFF

Posts: 3806; Member since: Apr 16, 2014

The sad thing is that there still is some herd of rabid fanboys who attack people who want rootable phones.

25. RaKithAPeiRiZ

Posts: 1488; Member since: Dec 29, 2011

Windows PCs already infected with this hack , the backdoors are built in , it gets activated once a virtual handshake takes place , it takes screenshots at random and sends them to remote servers once you establish a network connection

2. xeonfire

Posts: 93; Member since: Feb 15, 2014

Invasion of the pixel kind...

3. vincelongman

Posts: 5579; Member since: Feb 10, 2013

This is why OEMs need to start using the Snapdragon 200 instead of the 800, that way the phone would lag if an app tries to covertly record anything Jokes, aside this does shows the downside of Android being very open and dev friendly

4. ShenAlJoker

Posts: 113; Member since: Jul 19, 2013

Where are the fandroids??????????????

6. RebelwithoutaClue

Posts: 5473; Member since: Apr 05, 2013

No worries here, since I use Appops X to limit apps I have installed. Besides that, I hardly install new apps and the ones I do have, I trust. But besides that, good thing this is discovered and hopefully Google will tackle this issue. Taking secret pics are already used by certain anti-theft apps.

16. Whateverman

Posts: 3295; Member since: May 17, 2009

Why do you care???????????

20. boosook

Posts: 1442; Member since: Nov 19, 2012

Here's one. I don't see the problem... does the app require the permission to take pictures? You know it can do it. Does the app require internet access? Of course it can take pictures and then upload them to a server. Is this a security flaw? And if yes, why? When you install an application on your Windows or Mac laptop, it could turn on the webcam and microphone and send everything to a server. That's why integrated webcams have a lens cover... but you can't do anything for the microphone, and you would need a firewall to block unwanted internet connection... and so where is the problem? When you install an application, unless it's open source, you don't know what it really does. At least, on Android, you can decide yourself if the hardware permissions that an app asks for are adequate for the task it has to perform.

23. Scott93274

Posts: 6021; Member since: Aug 06, 2013

Calm down buddy, he's just looking for anything to upset Android users because he's upset that the Microsoft brand is valued nearly $70 Billion below Google.

27. networkdood

Posts: 6330; Member since: Mar 31, 2010

damn, I did not know that MS dropped that low..

30. noler

Posts: 326; Member since: Aug 19, 2013

You are lucky that Google sends you money, MS do not send me anything :(

5. Anshulonweb

Posts: 468; Member since: Feb 07, 2014

still not more dangerous and risk as apple collecting fingerprints....

8. RebelwithoutaClue

Posts: 5473; Member since: Apr 05, 2013

Fingerprints are stored on a local encrypted chip and aren't send to Apple.

13. Edward_bly

Posts: 278; Member since: Dec 11, 2013

How the heck would you know?

15. RebelwithoutaClue

Posts: 5473; Member since: Apr 05, 2013

http://www.cnet.com/news/sen-franken-questions-privacy-of-iphone-5s-fingerprint-scanner/ It has been a privacy concern for many websites/people and written about many times

19. engineer-1701d unregistered

who do people care about fingerprint and pics being taking, nsa and the gov have your info and pics and video all the time every atm has a cam and traffic light and on top of that, all it takes is a bad person to take your bank account number and soc, and bye bye money and your life this is the least of peoples problems unless your doing something your not supposed to do,.

24. RebelwithoutaClue

Posts: 5473; Member since: Apr 05, 2013

I disagree, you might not be interesting as an individual, but as a group, normal harmless people might be a 'threat'. The NSA has the perfect tool to keep close watch on groups of people disagreeing with the government or just social unrest. Which might escalate in something bigger, the government hasn't control over. But they can keep tabs on key people, controlling them via information,pressuring them for instance. This way the powers that be, will stay in control.

7. apple4never

Posts: 1064; Member since: May 08, 2013

wow lol, time to duck tape my cameras till i have to use it

9. xondk

Posts: 1904; Member since: Mar 25, 2014

Pretty sure said app still needs to have camera privileges soo if it asks for them, you know it can take pictures, don't get shady apps that ask for a million privileges to do seemingly very little. *coughfacebookcough*

10. My1cent

Posts: 370; Member since: Jan 30, 2014

Check "Data usage" to see list of every app that sending data via internet may help you find a suspicious app.

11. totex71

Posts: 9; Member since: Feb 19, 2014

Nothing new here..

12. Edward_bly

Posts: 278; Member since: Dec 11, 2013

With the technology today anyone can find out out almost anything. Truth is I don't care, I'm not afraid.

14. AfterShock

Posts: 4146; Member since: Nov 02, 2012

Not concerned.

21. TheGenius

Posts: 339; Member since: Mar 06, 2014

Myappsharer by jones chi Its available for free on playstore.

22. boosook

Posts: 1442; Member since: Nov 19, 2012

Oh, please... not again! Yes, applications can do all sort of things, it has happened for 40 years, and so it will be in the future... what's the problem? The app asks for camera and internet access permissions, and once you grant them, why should you be asked again every time the app needs to perform its work? Those kind of alerts are from people used to how iOS works. So they think it's a security issue, while the problem is just that they "think iOS". In iOS, you don't know what permissions an app requires before installing it. Instead, you are asked every time. On Android it's different, but not a security flaw. You look at the permissions you are granting to the application and decide if they fit the task. You know before installation the permissions an application is requiring and decide to install or not. An application can usually do whatever it wants, once you grant a permission, but I really don't understand why this is considered a problem only on Android. It's just FUD and I'd like to know who pays these researchers.

28. networkdood

Posts: 6330; Member since: Mar 31, 2010

Here is the source link to the P.A. article:http://snacksforyourmind.blogspot.com/2014/05/exploring-limits-of-covert-data.html It really is not a big deal - but, I suppose some will be all up in arms...it is really just using common sense. Keep in mind that the reason smartphones/devices are popular is that the media and the govt want them popular, so that you are easier to track. There are ways to limit the information that gets out of your smartphone, but not entirely. If this bothers you, then stop using a smartphone...

29. wilsong17 unregistered

Wow stupid I have cerberus install in my phone I can command to take pic and videos and send it to my email remotely

* Some comments have been hidden, because they don't meet the discussions rules.

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.