x PhoneArena is hiring! Reviewer in the USA

Android flaw allows developers to steal your photos

Posted: , by Nick T.

Tags :

Android flaw allows developers to steal your photos
Now this is interesting. Turns out that iOS is not the only mobile platform having troubles securing personal stuff on users' devices. After exposing an iOS glitch that allowed developers to easily steal photos from iPhones and iPads, The New York Times conducted a similar investigation on Android smartphones only to discover that they were plagued by a similar flaw.

As long as an Android app has permission to access the internet, it is technically able upload all your photos to a remote server without the user's consent or knowledge. Taking things even further, an Android developer was asked to create a proof-of-concept app just to see how easy it is to access a smartphone's gallery. And the app worked – disguised as a simple timer, the only permission it asked for upon installation was internet access, and once triggered, it automatically uploaded the most recent picture onto a public photo sharing site.

This security flaw has a lot to do with the way early versions of Android were designed to work, explained a Google spokesman. Images stored in the gallery are meant to require no permission to access due to the fact that they are often stored on a removable microSD card, which should be easy to use on another device or replaced with a different microSD card. But since more and more smartphones and tablets now rely on non-removable storage, a photo access permission is already being considered, the Google spokesman added.

Until that happens, however, we have to hope that Google will be doing a good job at keeping those malicious apps out of the Android Market. And make sure you don't download apps from any shady-looking software marketplaces as you never know what troubles they might bring.

  • Options

posted on 02 Mar 2012, 03:02 2

1. Sniggly (Posts: 7305; Member since: 05 Dec 2009)

Yeah, but which versions of Android does this happen on? All of them?

And stealing my photos would probably be the thing I'd care the least about.

posted on 04 Mar 2012, 20:37

10. Goldeneye (Posts: 419; Member since: 22 Jan 2011)

Really surprised on this opinion ^^^

posted on 02 Mar 2012, 03:40 4

2. RORYREVOLUTION (Posts: 3117; Member since: 12 Jan 2010)

Ohhh noooo dont steal my Kate Upton photos i googled.....

posted on 02 Mar 2012, 06:06 4

5. protozeloz (Posts: 5396; Member since: 16 Sep 2010)

don't steal the LOLI content ive downloaded :P

posted on 02 Mar 2012, 03:52 4

3. droidnator (Posts: 90; Member since: 10 Mar 2011)

It's OK to be a fanboy, just not a blind one! Some photos may be too private to share with the rest of the world, regardless of their nature! Or you are simply being selfish and you wish to keep them to yourself... Whatever, my pics are my pics, they are not public. This should be fixed.

posted on 02 Mar 2012, 04:21 2

4. rd_nest (Posts: 1656; Member since: 06 Jun 2010)

Android was never designed with this philosophy. It was done to work like desktop operating systems. Do you worry that MS Office gives no warning while opening photos or your Adobe software can open your photos? Android was built the same way.
Better still, before installing any app, read the permissions tab CAREFULLY.

posted on 02 Mar 2012, 06:21 1

6. arcq12 (Posts: 733; Member since: 13 Oct 2011)

On Android, its user controlled because it depends on the App that you install, if you don't install the bogus App that does this, then they can't get your photos. While on iOS, its a bug in the OS itself where the user has no control over until Apple releases a patch or a fix.

But either way are disturbing.

posted on 02 Mar 2012, 10:16 6

7. GALAXY-S (Posts: 701; Member since: 07 Jun 2011)

ok if man can make it man can break it .. its that simple. it will happen with all OS

posted on 02 Mar 2012, 10:38 5

8. mozes316 (Posts: 142; Member since: 30 Sep 2011)

Wise words.

posted on 02 Mar 2012, 15:56

9. Forsaken77 (Posts: 553; Member since: 09 Jun 2011)

I think Google needs to clarify what permissions really have access to. If you see an app permission asking for internet access, you're not going to think it'll be able to upload photos, or contacts, or locations you visited. Google needs to really streamline their permissions to encompass only what the permission says.

Want to comment? Please login or register.

Latest stories