Android Apps Can Access, Copy Photos Stored on Your Phone

android-photosAndroid users have been warned that applications could be sending back photos stored on their phone to remote servers without their permission in yet another major security worry for the popular operating system, according to a New York Times report.

The issue revolves around a permissions loophole that grants third-party app developers the ability to copy users photos to a remote server without notice, as long as a user given the app consent to access the internet.

Google has admitted the loophole exists and may consider changing its approach, according to the report.

“We originally designed the Android photos file system similar to those of other computing platforms like Windows and Mac OS,” a Google spokesman told the NYTimes via e-mail. “At the time, images were stored on a SD card, making it easy for someone to remove the SD card from a phone and put it in a computer to view or transfer those images. As phones and tablets have evolved to rely more on built-in, nonremovable memory, we’re taking another look at this and considering adding a permission for apps to access images. We’ve always had policies in place to remove any apps on Android Market that improperly access your data.”

Security analysts expressed shock at the revelation, with F-Secure analyst Sean Sullivan urging Google to address the issue as a top priority, particularly due to the risk of malicious apps emanating from the Far East.

“Google should consider changing it sooner than later. It’s very surprising there isn’t already an app that does this in a third-party Chinese market. Of all the places in the world that innovate spy-tools/backdoors/webcam trojans – it’s China,” he said.

Citing a similar report highlighting the same problem with Apple’s iOS, analysts have since suggested that the loopholes demonstrate a problem with mobile security across the board.

“The lack of special permissions required to access personal user data such as photos on a mobile platform is truly alarming, particularly when abuse of that information is possible simply through the request of another apparently unrelated permission, such as internet access,” commented Trend Micro security expert Rik Ferguson. “The system of app permissions should be designed with a higher degree of security than is currently the case, this is not only true of Android but other major mobile operating systems as well.”

Google has already come in for widespread criticism this week for pushing ahead with changes to its privacy policy. Google also recently came under fire for tracking Safari and Internet Explorer users without permission.

This article was originally published on V3.

Related reading

top trends to increase value from paid search spend
what can we learn from voice search in 2018?
Google Ads 2019: What to look out for
mobile search and video in 2019: how visible are you?