Jump to content

Android Apps also have a backdoor to your photos


nsane.forums

Recommended Posts

nsane.forums

Recent investigations into the untidy state of smartphone app permissions have led to a startling discovery—Android apps can siphon photos off your phone as long as you give the app permission to access an Internet connection.

After throwing Apple into the fire for allowing social networking app Path to access a user's contacts without an explicit warning, further probes revealed that iOS apps could upload pictures from a user's gallery and send them to an unknown server as long as the user allowed the app to see pictures with location data on them. Today, an investigation by the New York Times revealed that Android's permissions system is allowing the same thing, although perhaps in a more nefarious way.

The Times got an Android developer to make a simple timer for a test app. When the app was launched, it asked for permission to access the Internet, making no mention of access to the user's photo gallery. Once the permission was accepted, however, the app accessed the user's most recent photo and uploaded it to a public website.

Google responded by saying that the privacy breach is a legacy of the way old Android phones handled photos—usually on external SD cards that could be removed and exchanged so that users could grant permissions to access the data off one memory card but not another.

The photo uploading problem is yet another privacy fumble in which Apple is caught first, but Android is also found culpable later, like when iOS phones were found tracking location data and storing it in a file on the phone in mid-2011. In response to the Times' questions on photo uploading, Google said it would consider changing its approach, but asserted that its security system Bouncer screened applications for inappropriate implementation of permissions.

view.gif View: Original Article

Link to comment
Share on other sites

  • Replies 0
  • Views 957
  • Created
  • Last Reply

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...