Uncategorized

Don’t Call It A Security Hole: Android Apps Can Access All Of Your Naughty Photos

30

As most of you probably wont know — being primarily Android users and all — there’s been a lot of commotion these past couple of days regarding Apple’s mobile platform. Apparently, any and all iOS applications can easily access locally stored photos saved onto a device without a user’s consent. Sounds scary, right?

Before you point and give a Nelson “Ha-ha,” it would behoove you to know that Android applications are capable of doing the exact same thing. A little differently, mind you, but largely the same thing. In the coming days this news will no doubt make just as big of a splash as its iOS counterpart, sending the uninformed consumer into a tissy. But before you run out and throw your phone into the dumpster, you should know that this isn’t exactly a security hole. It’s just how the operating system works.

And not to sketch you out even further, but it’s actually the same way the operating system on your computer works too. Yup. Windows. OSX. Mac. PC. Because your computer stores pics locally on your hard drive (and Android stores them on a micro SD or internal storage), technically it would be possible for just about any application on your PC to also gain access to your photos — just like Android (and iOS). Does that mean your new Twitter application is uploading your racy pics to some dark warehouse in the South Americas? I would hope not.

This is exactly what Google addressed to TheVerge in a statement,

We originally designed the Android photos file system similar to those of other computing platforms like Windows and Mac OS. At the time, images were stored on a SD card, making it easy for someone to remove the SD card from a phone and put it in a computer to view or transfer those images.

As phones and tablets have evolved to rely more on built-in, non-removable memory, we’re taking another look at this and considering adding a permission for apps to access images. We’ve always had policies in place to remove any apps on Android Market that improperly access your data.

As we move away from micro SD card slots in our phones (HTC One X) and to nothing but non-removable storage, Google could soon be implementing some kind of firewall, or just added permission settings for users who want to keep their photos locked down. Let’s hope it’s not at the cost of features like Android’s intents. We’ve already seen the problems fear and added security can create. Just take a look at the TSA.

Chris Chavez
I've been obsessed with consumer technology for about as long as I can remember, be it video games, photography, or mobile devices. If you can plug it in, I have to own it. Preparing for the day when Android finally becomes self-aware and I get to welcome our new robot overlords.

AT&T Details Unlimited Data Policy – Throttling Begins After 3GB’s On 3G/4G, 5GB On 4G LTE

Previous article

Android Developers Give Us A Look Back At Their Booth At Mobile World Congress 2012 [Video]

Next article

You may also like

30 Comments

  1. File this under “Duhhh”

  2. Simply put, don’t go around the market installing all type of apps. Check permissions and ask yourself a few questions:

    1. can i trust this dev. 
    2. what kind of trust does he/she require

    1. I still say we need the ability to do a line-item-veto of permissions for all apps.  If an app asks for Full Internet Access and it’s a simple text editor (that you can’t live without), just veto the internet access permission.  Simple.

      1. Well, there’s a lot of permissions that sound super sketchy (they’re almost MADE to sound that way) and after an explanation from the dev, make perfect sense. 

        I think developers should be required to list — alongside the permissions — WHY their apps are requesting that. Full disclosure. 

        Then your idea comes into play where we can click an “X” button and disallow what we don’t feel the app really needs.

        Still, I think this could kill a whole lot of functionality in a bunch of apps and create poor end user experiences which will result in poor reviews and app developers going elsewhere. =/

        1. Maybe, but by the same token, if the app is written well and the permissions are clearly explained and only NECESSARY permissions are requested, then we avoid that situation altogether.

      2. Miui does that.

      3. You know, there are a few apps for that.

        1. For rooted users.  I’m talking about for us non-rooted users.

  3. That’s how I made it to 4chan. Aw man.

    1. What is 4chan?

      1. If you don’t know, you are of the untouched. Do yourself a favour and don’t ask about it lol.

      2. Pretend the internet doesn’t exist. Turn enable data off on your phone.
        get out while you can.

      3. A really bad joke.

  4. HA HA!!

    1. I meant D’OH!!

  5. Good thing I don’t have any pictures on my phone that I would be ashamed of!

  6. If anyone has pics of “my junk”, can you please return them?  Return them or enjoy…whichever. Thanks! ;)

  7. Well I don’t have to worry about “naughty pics.” I don’t take pictures like that. 

    Still, security should be increased.

  8. Glad to see google is getting to work on this issue.Maybe develop some sort of google vault to lock images or make the app permission user selectable.

  9. When you accept permissions related to SD storage, you accept the possibility that the app can access anything on your SD. iOs doesnt have such a permission system, and access can be granted as a side effect of allowing an App to get/track your location – which is a bug. Nice story, tho, brah.

    1. Except that there is no permission for reading files on the SD, so EVERY app can access all the files there. So, nice missing the point of the story, bro.

      1. You’re right. I totally missed the point re: reading SD on Android. C u at christmas dinner.

      2.  U mad bro?

  10. Utter non story.

    But the biggest concern in the article was “as we move away from sd storage…”. Get this phone makers, I wa.t my data on my phone in an easy to access system. I don’t want restrictions because you thought it would be a good idea only to include 16gb of on board space, or cloud storage where I am at the whim of network coverage and download/speed limitations.

  11. Lol on the TSA reference. Those goons are absolutely worthless.

    1. They will confiscate your breast milk! lol

  12. Good to know about Android Apps Can Access All Of Your Naughty Photos
     

  13. Just look at the g+ app it uploads all of your pics to a private album but they are Indeed out there

  14. Move away from SD cards? Excuse me? I don’t want movies hoggin up space on my phone. And don’t tell me to just stream HD movies on my tiered data plan.

    I betta see some external memory slots on my Android phone, baby-boo. LoL!! 

Leave a reply

Your email address will not be published. Required fields are marked *