Don’t Call It A Security Hole: Android Apps Can Access All Of Your Naughty Photos

As most of you probably wont know — being primarily Android users and all — there’s been a lot of commotion these past couple of days regarding Apple’s mobile platform. Apparently, any and all iOS applications can easily access locally stored photos saved onto a device without a user’s consent. Sounds scary, right?

Before you point and give a Nelson “Ha-ha,” it would behoove you to know that Android applications are capable of doing the exact same thing. A little differently, mind you, but largely the same thing. In the coming days this news will no doubt make just as big of a splash as its iOS counterpart, sending the uninformed consumer into a tissy. But before you run out and throw your phone into the dumpster, you should know that this isn’t exactly a security hole. It’s just how the operating system works.

And not to sketch you out even further, but it’s actually the same way the operating system on your computer works too. Yup. Windows. OSX. Mac. PC. Because your computer stores pics locally on your hard drive (and Android stores them on a micro SD or internal storage), technically it would be possible for just about any application on your PC to also gain access to your photos — just like Android (and iOS). Does that mean your new Twitter application is uploading your racy pics to some dark warehouse in the South Americas? I would hope not.

This is exactly what Google addressed to TheVerge in a statement,

We originally designed the Android photos file system similar to those of other computing platforms like Windows and Mac OS. At the time, images were stored on a SD card, making it easy for someone to remove the SD card from a phone and put it in a computer to view or transfer those images.

As phones and tablets have evolved to rely more on built-in, non-removable memory, we’re taking another look at this and considering adding a permission for apps to access images. We’ve always had policies in place to remove any apps on Android Market that improperly access your data.

As we move away from micro SD card slots in our phones ( HTC One X) and to nothing but non-removable storage, Google could soon be implementing some kind of firewall, or just added permission settings for users who want to keep their photos locked down. Let’s hope it’s not at the cost of features like Android’s intents. We’ve already seen the problems fear and added security can create. Just take a look at the TSA.

Continue reading:

  • Defenestratus

    File this under “Duhhh”

  • Tati

    Simply put, don’t go around the market installing all type of apps. Check permissions and ask yourself a few questions:

    1. can i trust this dev. 
    2. what kind of trust does he/she require

    • Magus2300

      I still say we need the ability to do a line-item-veto of permissions for all apps.  If an app asks for Full Internet Access and it’s a simple text editor (that you can’t live without), just veto the internet access permission.  Simple.

      • Chris Chavez

        Well, there’s a lot of permissions that sound super sketchy (they’re almost MADE to sound that way) and after an explanation from the dev, make perfect sense. 

        I think developers should be required to list — alongside the permissions — WHY their apps are requesting that. Full disclosure. 

        Then your idea comes into play where we can click an “X” button and disallow what we don’t feel the app really needs.

        Still, I think this could kill a whole lot of functionality in a bunch of apps and create poor end user experiences which will result in poor reviews and app developers going elsewhere. =/

        • Magus2300

          Maybe, but by the same token, if the app is written well and the permissions are clearly explained and only NECESSARY permissions are requested, then we avoid that situation altogether.

      • Iucidium

        Miui does that.

      • Ash

        You know, there are a few apps for that.

        • Magus2300

          For rooted users.  I’m talking about for us non-rooted users.

  • Ilan Cortes

    That’s how I made it to 4chan. Aw man.

    • abc

      What is 4chan?

      • Derryn Jones

        If you don’t know, you are of the untouched. Do yourself a favour and don’t ask about it lol.

      • Iucidium

        Pretend the internet doesn’t exist. Turn enable data off on your phone.
        get out while you can.

      • ari_free

        A really bad joke.

  • scott lathrop

    HA HA!!

    • scott lathrop

      I meant D’OH!!

  • gloriousnumber1

    Good thing I don’t have any pictures on my phone that I would be ashamed of!

  • ShangTsung702

    If anyone has pics of “my junk”, can you please return them?  Return them or enjoy…whichever. Thanks! ;)

  • abc

    Well I don’t have to worry about “naughty pics.” I don’t take pictures like that. 

    Still, security should be increased.

  • androidica

    Glad to see google is getting to work on this issue.Maybe develop some sort of google vault to lock images or make the app permission user selectable.

  • wh1ps04r

    When you accept permissions related to SD storage, you accept the possibility that the app can access anything on your SD. iOs doesnt have such a permission system, and access can be granted as a side effect of allowing an App to get/track your location – which is a bug. Nice story, tho, brah.

    • pepperonijack

      Except that there is no permission for reading files on the SD, so EVERY app can access all the files there. So, nice missing the point of the story, bro.

      • wh1ps04r

        You’re right. I totally missed the point re: reading SD on Android. C u at christmas dinner.

      • Manbo

         U mad bro?

  • Dave

    Utter non story.

    But the biggest concern in the article was “as we move away from sd storage…”. Get this phone makers, I wa.t my data on my phone in an easy to access system. I don’t want restrictions because you thought it would be a good idea only to include 16gb of on board space, or cloud storage where I am at the whim of network coverage and download/speed limitations.

  • jawman

    Lol on the TSA reference. Those goons are absolutely worthless.

    • Chris Chavez

      They will confiscate your breast milk! lol

  • James

    Good to know about Android Apps Can Access All Of Your Naughty Photos

  • Lauren Berns
  • mikey

    Just look at the g+ app it uploads all of your pics to a private album but they are Indeed out there

  • Off_Road_Racing

    Move away from SD cards? Excuse me? I don’t want movies hoggin up space on my phone. And don’t tell me to just stream HD movies on my tiered data plan.

    I betta see some external memory slots on my Android phone, baby-boo. LoL!!