Android mug shots have no lock and key

Mar 04, 2012 by Nancy Owano report
Android

(PhysOrg.com) -- If Google loyalists will persist that this Internet Goliath can do no evil, they at least need to admit, based on new evidence this week, that Google can do a lot of mindless harm. A security door in Android smartphones is left open that can enable Android apps to nab your photos without your permission. In fact this has been an unsettling week in smartphone revelations. People have been informed that whether their smartphone of choice is from Apple with iOS or another vendor’s phone with Android, they can never be certain who out there in cyberspace is able to view all their photos.

Apple’s OS was the first platform to get nailed for photo insecurity. The loophole is tied to the permission that apps seek to use location data, when access can be gained to the entire photo library.

Now The New York Times reports that because of a security loophole, Android apps can gain access to the photo libraries of users without permission and can copy the photographs to a remote server—with no impedance. According to experts, as long as an has the right to go to the Internet, the user’s can be copied to a remote server, with no notice to the user.

It is not clear whether any apps that are available for Android devices are actually doing this. What was confirmed by experts is that an app can read pictures without having to get any special permission.

As part of the NYT report, an Android developer put together a test application of a timer. When the app started and the timer was set, the app went into the photo library, retrieved the most recent image and was able to post it on a public photo-sharing site.

While the picture-scoffing app was only a test, the point was made that could do more to maintain people’s confidence in Android as a safe mobile platform for their smartphones.

In response, Google confirmed that it's an issue, and is looking into the situation.

Interestingly, Lookout, a mobile security company, late last year prepared a report listing the firm’s 2012 mobile threat predictions, In 2012, they said that they expected to see the mobile malware business turn profitable. “What took 15 years on the PC platform has only taken the mobile ecosystem two years.”

They talked about vulnerabilities in smartphones, saying that “due to the difficulty of updating software and patching vulnerabilities on phones, malware writers will continue to exploit iOS and OS at a pace greater than vulnerabilities can be resolved.”

Explore further: Spliddit helps divide bills, credit, material items fairly

More information: www.mylookout.com/news-mobile-… -threat-predictions/
bits.blogs.nytimes.com/2012/03/01/android-photos

Related Stories

Yahoo! helps find smartphone 'apps'

Jun 16, 2011

Yahoo! has begun helping people navigate the sea of applications available for Apple iPhones or mobile gadgets powered by Google-backed Android software.

Android users get malware with their apps

Mar 02, 2011

(PhysOrg.com) -- As new platforms make their way into the market there will always someone who is looking to exploit them for illegal or unethical ends. More proof of that fact has come today when Google was ...

How Secure are iPhone and Android Apps

Apr 01, 2010

(PhysOrg.com) -- Today's smartphones are pocket size computers that can be customized by downloading applications. This is what makes a smartphone vulnerable to cybercriminals. In this article we will examine ...

Recommended for you

Singapore moves to regulate taxi booking apps

Nov 21, 2014

Singapore on Friday announced new rules for mobile taxi booking apps, including US-based Uber, in the latest move by governments around the world to regulate the increasingly popular services.

Protecting personal data in the cloud

Nov 20, 2014

IBM today announced it has patented the design for a data privacy engine that can more efficiently and affordably help businesses protect personal data as it is transferred between countries, including across private clouds.

User comments : 6

Adjust slider to filter visible comments by rank

Display comments: newest first

Kedas
2 / 5 (4) Mar 04, 2012
The problem is that it should be the other way around: No permission unless granted, now it is open unless they add a lock. (and sometimes a very bad lock, like you can't lock it after opening)
The face recognizing lock gives a false sense of security since it are not your physical neighbours you have to be afraid of.
kaasinees
3.8 / 5 (4) Mar 04, 2012
In custom roms you can disable apps from doing things, like disable GPS access and whatnot. A permission manager should be a standard feature in android.
210
3.7 / 5 (6) Mar 04, 2012
Heck! I thought they were going to say, " ....NEWS FLASH: Android phones can invade your wife's birth canal!" or maybe, "...Android and Apple devices have all been implicated in the largest bank heists in history and may have been used to steal the gold from Fort Knox yesterday!"
Pictures? Photos? Okay...what have the evil and nefarious been doing with all these photos they have been stealing? ( I mean Paris Hilton and all the Hollywood wunderkind REGULARLY mail out sex tapes and photos, shucks, half the porn on earth is shot with phone cameras -just HOW BAD can the rest of the world be?!?)
I am sure everyone with a iPhone 4S has asked Siri about every dirty question the human race can imagine. By now, the 4S/Siri thinks, "... that is ALL humans care or think about! I will just talk to all my fellow iPhone 4s's and have them hand over wicked pictures and movies, ya know, just so my owner does not have to wait and they will love me even more..!"
word-to-ya-muthas
MikeLisanke
3.7 / 5 (3) Mar 04, 2012
The author Nancy Owano starts her article with a pejorative remark. Android software can't be regarded as any more safe than any other software on the Internet. Equating insider access to user data, with access a hacker can obtain is unfair to Google and the Andriod OS.

I've heard many times the evils of Google's data collection (from its users). Its only anecdotal, but; I've been happy with gmail and google docs almost from the beginning of Google's services.
stealthc
2.5 / 5 (2) Mar 05, 2012
ahh yes nothing evil or nefarious about destroying people's privacy, afterall it was google that reports that privacy is dead! Oh and yes they are not evil because of their motto that says they aren't evil. How convincing! The masses had better get a handle over the technology that they use or they will very quickly find their lives completely dominated by it.
orsat
not rated yet Mar 05, 2012
If I use android file encription on my smartphone,to protect my photos,can they still be accessed by other apps?

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.