Android a photo-slurper too: report
Don’t use smartphones for
naughty pics any pics
On the heels of last week’s controversy regarding the photo-slurping habits of iPhones come reports that Android can play similar games with privacy.
Following the template it used to demonstrate the iOS vulnerability, the New York Times commissioned an Android app developer, Ralph Gootee of Loupe, to put together a demo app which, once installed, grabs the newest photo in the target smartphone and posts it to a public Website.
The exploit depends on a flaw in how permissions are granted by Android: the user is asked whether the app can access the Internet. A “yes” response also gives the app access to the photo library, even though this isn’t mentioned to the user.
While it’s hard to tell whether these privacy issues are deliberate or stuff-ups, it’s increasingly clear that both Apple and Google are struggling with the granularity of permissions. Neither users nor developers want to navigate a phone’s entire feature set merely to work out what an app can and cannot do; but it’s hard to simplify permissions without them leaking from one function to another. ®
- Black Hat
- Common Vulnerability Scoring System
- Cybersecurity and Infrastructure Security Agency
- Cybersecurity Information Sharing Act
- Data Breach
- Data Protection
- Data Theft
- Digital certificate
- Identity Theft
- Kenna Security
- Palo Alto Networks
- Privacy Sandbox
- Trusted Platform Module
- Zero Day Initiative
- Zero trust