March 4, 2012 report
Android mug shots have no lock and key
Apples OS was the first platform to get nailed for photo insecurity. The loophole is tied to the permission that apps seek to use location data, when access can be gained to the entire photo library.
Now The New York Times reports that because of a security loophole, Android apps can gain access to the photo libraries of users without permission and can copy the photographs to a remote serverwith no impedance. According to experts, as long as an app has the right to go to the Internet, the users photos can be copied to a remote server, with no notice to the user.
It is not clear whether any apps that are available for Android devices are actually doing this. What was confirmed by experts is that an app can read pictures without having to get any special permission.
As part of the NYT report, an Android developer put together a test application of a timer. When the app started and the timer was set, the app went into the photo library, retrieved the most recent image and was able to post it on a public photo-sharing site.
While the picture-scoffing app was only a test, the point was made that Google could do more to maintain peoples confidence in Android as a safe mobile platform for their smartphones.
In response, Google confirmed that it's an issue, and is looking into the situation.
Interestingly, Lookout, a mobile security company, late last year prepared a report listing the firms 2012 mobile threat predictions, In 2012, they said that they expected to see the mobile malware business turn profitable. What took 15 years on the PC platform has only taken the mobile ecosystem two years.
They talked about vulnerabilities in smartphones, saying that due to the difficulty of updating software and patching vulnerabilities on mobile phones, malware writers will continue to exploit iOS and Android OS at a pace greater than vulnerabilities can be resolved.
© 2011 PhysOrg.com