Android mug shots have no lock and key

( -- If Google loyalists will persist that this Internet Goliath can do no evil, they at least need to admit, based on new evidence this week, that Google can do a lot of mindless harm. A security door in Android smartphones is left open that can enable Android apps to nab your photos without your permission. In fact this has been an unsettling week in smartphone revelations. People have been informed that whether their smartphone of choice is from Apple with iOS or another vendor’s phone with Android, they can never be certain who out there in cyberspace is able to view all their photos.

Apple’s OS was the first platform to get nailed for photo insecurity. The loophole is tied to the permission that apps seek to use location data, when access can be gained to the entire photo library.

Now The New York Times reports that because of a security loophole, Android apps can gain access to the photo libraries of users without permission and can copy the photographs to a remote server—with no impedance. According to experts, as long as an has the right to go to the Internet, the user’s can be copied to a remote server, with no notice to the user.

It is not clear whether any apps that are available for Android devices are actually doing this. What was confirmed by experts is that an app can read pictures without having to get any special permission.

As part of the NYT report, an Android developer put together a test application of a timer. When the app started and the timer was set, the app went into the photo library, retrieved the most recent image and was able to post it on a public photo-sharing site.

While the picture-scoffing app was only a test, the point was made that could do more to maintain people’s confidence in Android as a safe mobile platform for their smartphones.

In response, Google confirmed that it's an issue, and is looking into the situation.

Interestingly, Lookout, a mobile security company, late last year prepared a report listing the firm’s 2012 mobile threat predictions, In 2012, they said that they expected to see the mobile malware business turn profitable. “What took 15 years on the PC platform has only taken the mobile ecosystem two years.”

They talked about vulnerabilities in smartphones, saying that “due to the difficulty of updating software and patching vulnerabilities on phones, malware writers will continue to exploit iOS and OS at a pace greater than vulnerabilities can be resolved.”

Explore further

Android Trojan dubbed ‘Geinimi’ found in legitimate applications

More information: … -threat-predictions/

© 2011

Citation: Android mug shots have no lock and key (2012, March 4) retrieved 27 June 2019 from
This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no part may be reproduced without the written permission. The content is provided for information purposes only.

Feedback to editors

User comments

Mar 04, 2012
The problem is that it should be the other way around: No permission unless granted, now it is open unless they add a lock. (and sometimes a very bad lock, like you can't lock it after opening)
The face recognizing lock gives a false sense of security since it are not your physical neighbours you have to be afraid of.

Mar 04, 2012
In custom roms you can disable apps from doing things, like disable GPS access and whatnot. A permission manager should be a standard feature in android.

Mar 04, 2012
Heck! I thought they were going to say, " ....NEWS FLASH: Android phones can invade your wife's birth canal!" or maybe, "...Android and Apple devices have all been implicated in the largest bank heists in history and may have been used to steal the gold from Fort Knox yesterday!"
Pictures? Photos? Okay...what have the evil and nefarious been doing with all these photos they have been stealing? ( I mean Paris Hilton and all the Hollywood wunderkind REGULARLY mail out sex tapes and photos, shucks, half the porn on earth is shot with phone cameras -just HOW BAD can the rest of the world be?!?)
I am sure everyone with a iPhone 4S has asked Siri about every dirty question the human race can imagine. By now, the 4S/Siri thinks, "... that is ALL humans care or think about! I will just talk to all my fellow iPhone 4s's and have them hand over wicked pictures and movies, ya know, just so my owner does not have to wait and they will love me even more..!"

Mar 04, 2012
The author Nancy Owano starts her article with a pejorative remark. Android software can't be regarded as any more safe than any other software on the Internet. Equating insider access to user data, with access a hacker can obtain is unfair to Google and the Andriod OS.

I've heard many times the evils of Google's data collection (from its users). Its only anecdotal, but; I've been happy with gmail and google docs almost from the beginning of Google's services.

Mar 05, 2012
ahh yes nothing evil or nefarious about destroying people's privacy, afterall it was google that reports that privacy is dead! Oh and yes they are not evil because of their motto that says they aren't evil. How convincing! The masses had better get a handle over the technology that they use or they will very quickly find their lives completely dominated by it.

Mar 05, 2012
If I use android file encription on my smartphone,to protect my photos,can they still be accessed by other apps?

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more