Now this is interesting. Turns out that iOS is not the only mobile platform having troubles securing personal stuff on users' devices. After exposing an iOS glitch that allowed developers to easily steal photos
from iPhones and iPads, The New York Times
conducted a similar investigation on Android smartphones only to discover that they were plagued by a similar flaw.
As long as an Android app has permission to access the internet, it is technically able upload all your photos
to a remote server without the user's consent or knowledge. Taking things even further, an Android developer was asked to create a proof-of-concept app just to see how easy it is to access a smartphone's gallery. And the app worked – disguised as a simple timer, the only permission it asked for upon installation was internet access, and once triggered, it automatically uploaded the most recent picture onto a public photo sharing site.
This security flaw has a lot to do with the way early versions of Android were designed to work, explained a Google spokesman. Images stored in the gallery are meant to require no permission to access due to the fact that they are often stored on a removable microSD card, which should be easy to use on another device or replaced with a different microSD card. But since more and more smartphones and tablets now rely on non-removable storage, a photo access permission is already being considered, the Google spokesman added.
Until that happens, however, we have to hope that Google will be doing a good job at keeping those malicious apps out of the Android Market. And make sure you don't download apps from any shady-looking software marketplaces as you never know what troubles they might bring.