Android flaw allows developers to steal your photos

Android flaw allows developers to steal your photos
Now this is interesting. Turns out that iOS is not the only mobile platform having troubles securing personal stuff on users' devices. After exposing an iOS glitch that allowed developers to easily steal photos from iPhones and iPads, The New York Times conducted a similar investigation on Android smartphones only to discover that they were plagued by a similar flaw.

As long as an Android app has permission to access the internet, it is technically able upload all your photos to a remote server without the user's consent or knowledge. Taking things even further, an Android developer was asked to create a proof-of-concept app just to see how easy it is to access a smartphone's gallery. And the app worked – disguised as a simple timer, the only permission it asked for upon installation was internet access, and once triggered, it automatically uploaded the most recent picture onto a public photo sharing site.

This security flaw has a lot to do with the way early versions of Android were designed to work, explained a Google spokesman. Images stored in the gallery are meant to require no permission to access due to the fact that they are often stored on a removable microSD card, which should be easy to use on another device or replaced with a different microSD card. But since more and more smartphones and tablets now rely on non-removable storage, a photo access permission is already being considered, the Google spokesman added.

Until that happens, however, we have to hope that Google will be doing a good job at keeping those malicious apps out of the Android Market. And make sure you don't download apps from any shady-looking software marketplaces as you never know what troubles they might bring.

FEATURED VIDEO

10 Comments

1. Sniggly

Posts: 7305; Member since: Dec 05, 2009

Yeah, but which versions of Android does this happen on? All of them? And stealing my photos would probably be the thing I'd care the least about.

10. Goldeneye

Posts: 419; Member since: Jan 22, 2011

Really surprised on this opinion ^^^

2. RORYREVOLUTION

Posts: 3131; Member since: Jan 12, 2010

Ohhh noooo dont steal my Kate Upton photos i googled.....

5. protozeloz

Posts: 5396; Member since: Sep 16, 2010

don't steal the LOLI content ive downloaded :P

3. droidnator

Posts: 92; Member since: Mar 10, 2011

It's OK to be a fanboy, just not a blind one! Some photos may be too private to share with the rest of the world, regardless of their nature! Or you are simply being selfish and you wish to keep them to yourself... Whatever, my pics are my pics, they are not public. This should be fixed.

4. rd_nest

Posts: 1656; Member since: Jun 06, 2010

Android was never designed with this philosophy. It was done to work like desktop operating systems. Do you worry that MS Office gives no warning while opening photos or your Adobe software can open your photos? Android was built the same way. Better still, before installing any app, read the permissions tab CAREFULLY.

6. arcq12

Posts: 733; Member since: Oct 13, 2011

On Android, its user controlled because it depends on the App that you install, if you don't install the bogus App that does this, then they can't get your photos. While on iOS, its a bug in the OS itself where the user has no control over until Apple releases a patch or a fix. But either way are disturbing.

7. GALAXY-S

Posts: 701; Member since: Jun 07, 2011

ok if man can make it man can break it .. its that simple. it will happen with all OS

8. mozes316

Posts: 144; Member since: Sep 30, 2011

Wise words.

9. Forsaken77

Posts: 553; Member since: Jun 09, 2011

I think Google needs to clarify what permissions really have access to. If you see an app permission asking for internet access, you're not going to think it'll be able to upload photos, or contacts, or locations you visited. Google needs to really streamline their permissions to encompass only what the permission says.

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.