Android mug shots have no lock and key

Mar 04, 2012 by Nancy Owano report
Android

(PhysOrg.com) -- If Google loyalists will persist that this Internet Goliath can do no evil, they at least need to admit, based on new evidence this week, that Google can do a lot of mindless harm. A security door in Android smartphones is left open that can enable Android apps to nab your photos without your permission. In fact this has been an unsettling week in smartphone revelations. People have been informed that whether their smartphone of choice is from Apple with iOS or another vendor’s phone with Android, they can never be certain who out there in cyberspace is able to view all their photos.

Apple’s OS was the first platform to get nailed for photo insecurity. The loophole is tied to the permission that apps seek to use location data, when access can be gained to the entire photo library.

Now The New York Times reports that because of a security loophole, Android apps can gain access to the photo libraries of users without permission and can copy the photographs to a remote server—with no impedance. According to experts, as long as an has the right to go to the Internet, the user’s can be copied to a remote server, with no notice to the user.

It is not clear whether any apps that are available for Android devices are actually doing this. What was confirmed by experts is that an app can read pictures without having to get any special permission.

As part of the NYT report, an Android developer put together a test application of a timer. When the app started and the timer was set, the app went into the photo library, retrieved the most recent image and was able to post it on a public photo-sharing site.

While the picture-scoffing app was only a test, the point was made that could do more to maintain people’s confidence in Android as a safe mobile platform for their smartphones.

In response, Google confirmed that it's an issue, and is looking into the situation.

Interestingly, Lookout, a mobile security company, late last year prepared a report listing the firm’s 2012 mobile threat predictions, In 2012, they said that they expected to see the mobile malware business turn profitable. “What took 15 years on the PC platform has only taken the mobile ecosystem two years.”

They talked about vulnerabilities in smartphones, saying that “due to the difficulty of updating software and patching vulnerabilities on phones, malware writers will continue to exploit iOS and OS at a pace greater than vulnerabilities can be resolved.”

Explore further: Ecologists warn of overreliance on unvetted computer source code by researchers

More information: www.mylookout.com/news-mobile-security/2012-mobile-threat-predictions/
bits.blogs.nytimes.com/2012/03/01/android-photos

add to favorites email to friend print save as pdf podcast

Related Stories

Yahoo! helps find smartphone 'apps'

Jun 16, 2011

Yahoo! has begun helping people navigate the sea of applications available for Apple iPhones or mobile gadgets powered by Google-backed Android software.

Android users get malware with their apps

Mar 02, 2011

(PhysOrg.com) -- As new platforms make their way into the market there will always someone who is looking to exploit them for illegal or unethical ends. More proof of that fact has come today when Google was ...

How Secure are iPhone and Android Apps

Apr 01, 2010

(PhysOrg.com) -- Today's smartphones are pocket size computers that can be customized by downloading applications. This is what makes a smartphone vulnerable to cybercriminals. In this article we will examine ...

Recommended for you

Research finds new channels to trigger mobile malware

May 16, 2013

(Phys.org) —Researchers at the University of Alabama at Birmingham (UAB) have uncovered new hard-to-detect methods that criminals may use to trigger mobile device malware that could eventually lead to targeted ...

Fewer Facebook users take a liking to its new Home software

May 16, 2013

It may be too soon to call Facebook Home a flop. But it's clearly not the breakout hit that some expected. One month after its splashy debut, fewer and fewer people are downloading Facebook's new mobile software. It took ...

Google adds player matching to Android

May 15, 2013

Google is adding leaderboards and the ability to match players in online games to its Android operating system for smartphones and tablet computers.

User comments : 6

Adjust slider to filter visible comments by rank

Display comments: newest first

Kedas
2 / 5 (4) Mar 04, 2012
The problem is that it should be the other way around: No permission unless granted, now it is open unless they add a lock. (and sometimes a very bad lock, like you can't lock it after opening)
The face recognizing lock gives a false sense of security since it are not your physical neighbours you have to be afraid of.
kaasinees
3.8 / 5 (4) Mar 04, 2012
In custom roms you can disable apps from doing things, like disable GPS access and whatnot. A permission manager should be a standard feature in android.
210
4.2 / 5 (5) Mar 04, 2012
Heck! I thought they were going to say, " ....NEWS FLASH: Android phones can invade your wife's birth canal!" or maybe, "...Android and Apple devices have all been implicated in the largest bank heists in history and may have been used to steal the gold from Fort Knox yesterday!"
Pictures? Photos? Okay...what have the evil and nefarious been doing with all these photos they have been stealing? ( I mean Paris Hilton and all the Hollywood wunderkind REGULARLY mail out sex tapes and photos, shucks, half the porn on earth is shot with phone cameras -just HOW BAD can the rest of the world be?!?)
I am sure everyone with a iPhone 4S has asked Siri about every dirty question the human race can imagine. By now, the 4S/Siri thinks, "... that is ALL humans care or think about! I will just talk to all my fellow iPhone 4s's and have them hand over wicked pictures and movies, ya know, just so my owner does not have to wait and they will love me even more..!"
word-to-ya-muthas
MikeLisanke
3.7 / 5 (3) Mar 04, 2012
The author Nancy Owano starts her article with a pejorative remark. Android software can't be regarded as any more safe than any other software on the Internet. Equating insider access to user data, with access a hacker can obtain is unfair to Google and the Andriod OS.

I've heard many times the evils of Google's data collection (from its users). Its only anecdotal, but; I've been happy with gmail and google docs almost from the beginning of Google's services.
stealthc
2.5 / 5 (2) Mar 05, 2012
ahh yes nothing evil or nefarious about destroying people's privacy, afterall it was google that reports that privacy is dead! Oh and yes they are not evil because of their motto that says they aren't evil. How convincing! The masses had better get a handle over the technology that they use or they will very quickly find their lives completely dominated by it.
orsat
not rated yet Mar 05, 2012
If I use android file encription on my smartphone,to protect my photos,can they still be accessed by other apps?

More news stories

Internet in 'coma' as Iran election looms

Iran is tightening control of the Internet ahead of next month's presidential election, mindful of violent street protests that social networkers inspired last time around over claims of fraud, users and ...

Morocco to harness the wind in energy hunt

Morocco is ploughing ahead with a programme to boost wind energy production, particularly in the southern Tarfaya region, where Africa's largest wind farm is set to open in 2014.

Russia retrieves mice, newts from space

A Russian capsule filled with 45 mice and 15 newts along with other small animals returned from a month's mission in orbit on Sunday with data scientists hope will pave the way for a manned flight to Mars.

Honeybees trained in Croatia to find land mines

(AP)—Mirjana Filipovic is still haunted by the land mine blast that killed her boyfriend and blew off her left leg while on a fishing trip nearly a decade ago. It happened in a field that was supposedly ...