Android mug shots have no lock and key

Mar 04, 2012 by Nancy Owano report
Android

(PhysOrg.com) -- If Google loyalists will persist that this Internet Goliath can do no evil, they at least need to admit, based on new evidence this week, that Google can do a lot of mindless harm. A security door in Android smartphones is left open that can enable Android apps to nab your photos without your permission. In fact this has been an unsettling week in smartphone revelations. People have been informed that whether their smartphone of choice is from Apple with iOS or another vendor’s phone with Android, they can never be certain who out there in cyberspace is able to view all their photos.

Apple’s OS was the first platform to get nailed for photo insecurity. The loophole is tied to the permission that apps seek to use location data, when access can be gained to the entire photo library.

Now The New York Times reports that because of a security loophole, Android apps can gain access to the photo libraries of users without permission and can copy the photographs to a remote server—with no impedance. According to experts, as long as an has the right to go to the Internet, the user’s can be copied to a remote server, with no notice to the user.

It is not clear whether any apps that are available for Android devices are actually doing this. What was confirmed by experts is that an app can read pictures without having to get any special permission.

As part of the NYT report, an Android developer put together a test application of a timer. When the app started and the timer was set, the app went into the photo library, retrieved the most recent image and was able to post it on a public photo-sharing site.

While the picture-scoffing app was only a test, the point was made that could do more to maintain people’s confidence in Android as a safe mobile platform for their smartphones.

In response, Google confirmed that it's an issue, and is looking into the situation.

Interestingly, Lookout, a mobile security company, late last year prepared a report listing the firm’s 2012 mobile threat predictions, In 2012, they said that they expected to see the mobile malware business turn profitable. “What took 15 years on the PC platform has only taken the mobile ecosystem two years.”

They talked about vulnerabilities in smartphones, saying that “due to the difficulty of updating software and patching vulnerabilities on phones, malware writers will continue to exploit iOS and OS at a pace greater than vulnerabilities can be resolved.”

Explore further: Microsoft beefs up security protection in Windows 10

More information: www.mylookout.com/news-mobile-… -threat-predictions/
bits.blogs.nytimes.com/2012/03/01/android-photos

Related Stories

Yahoo! helps find smartphone 'apps'

Jun 16, 2011

Yahoo! has begun helping people navigate the sea of applications available for Apple iPhones or mobile gadgets powered by Google-backed Android software.

Android users get malware with their apps

Mar 02, 2011

(PhysOrg.com) -- As new platforms make their way into the market there will always someone who is looking to exploit them for illegal or unethical ends. More proof of that fact has come today when Google was ...

How Secure are iPhone and Android Apps

Apr 01, 2010

(PhysOrg.com) -- Today's smartphones are pocket size computers that can be customized by downloading applications. This is what makes a smartphone vulnerable to cybercriminals. In this article we will examine ...

Recommended for you

Microsoft beefs up security protection in Windows 10

17 hours ago

What Microsoft users in business care deeply about—-a system architecture that supports efforts to get their work done efficiently; a work-centric menu to quickly access projects rather than weather readings ...

Team infuses science into 'Minecraft' modification

Oct 24, 2014

The 3-D world of the popular "Minecraft" video game just became more entertaining, perilous and educational, thanks to a comprehensive code modification kit, "Polycraft World," created by University of Texas at Dallas professors, ...

Microsoft's Garage becomes an incubator of consumer apps

Oct 24, 2014

For five years now, The Garage has served as Microsoft's incubator for employees' passion projects, an internal community of engineers, designers, hardware tinkerers and others from all different parts of the company who ...

Students win challenge for real-time traffic app

Oct 24, 2014

Three University of Texas at Arlington Computer Science and Engineering students have won a $10,000 prize in the NTx Apps Challenge for a smart traffic light network that adjusts traffic light schedules to ...

User comments : 6

Adjust slider to filter visible comments by rank

Display comments: newest first

Kedas
2 / 5 (4) Mar 04, 2012
The problem is that it should be the other way around: No permission unless granted, now it is open unless they add a lock. (and sometimes a very bad lock, like you can't lock it after opening)
The face recognizing lock gives a false sense of security since it are not your physical neighbours you have to be afraid of.
kaasinees
3.8 / 5 (4) Mar 04, 2012
In custom roms you can disable apps from doing things, like disable GPS access and whatnot. A permission manager should be a standard feature in android.
210
3.7 / 5 (6) Mar 04, 2012
Heck! I thought they were going to say, " ....NEWS FLASH: Android phones can invade your wife's birth canal!" or maybe, "...Android and Apple devices have all been implicated in the largest bank heists in history and may have been used to steal the gold from Fort Knox yesterday!"
Pictures? Photos? Okay...what have the evil and nefarious been doing with all these photos they have been stealing? ( I mean Paris Hilton and all the Hollywood wunderkind REGULARLY mail out sex tapes and photos, shucks, half the porn on earth is shot with phone cameras -just HOW BAD can the rest of the world be?!?)
I am sure everyone with a iPhone 4S has asked Siri about every dirty question the human race can imagine. By now, the 4S/Siri thinks, "... that is ALL humans care or think about! I will just talk to all my fellow iPhone 4s's and have them hand over wicked pictures and movies, ya know, just so my owner does not have to wait and they will love me even more..!"
word-to-ya-muthas
MikeLisanke
3.7 / 5 (3) Mar 04, 2012
The author Nancy Owano starts her article with a pejorative remark. Android software can't be regarded as any more safe than any other software on the Internet. Equating insider access to user data, with access a hacker can obtain is unfair to Google and the Andriod OS.

I've heard many times the evils of Google's data collection (from its users). Its only anecdotal, but; I've been happy with gmail and google docs almost from the beginning of Google's services.
stealthc
2.5 / 5 (2) Mar 05, 2012
ahh yes nothing evil or nefarious about destroying people's privacy, afterall it was google that reports that privacy is dead! Oh and yes they are not evil because of their motto that says they aren't evil. How convincing! The masses had better get a handle over the technology that they use or they will very quickly find their lives completely dominated by it.
orsat
not rated yet Mar 05, 2012
If I use android file encription on my smartphone,to protect my photos,can they still be accessed by other apps?