Click to Skip Ad
Closing in...
  1. Prime Day Deals
    11:01 Deals

    Check these early Prime Day deals with prices so low, it’s like Amazon made a mistak…

  2. Mattress Topper Amazon
    14:44 Deals

    33,000 Amazon shoppers say this mattress topper deserves 5 stars – today it’s…

  3. Amazon Deals
    07:58 Deals

    10 deals you don’t want to miss on Saturday: Free money from Amazon, $2.97 smart plu…

  4. Best Smart Home Devices 2021
    08:45 Deals

    10 smart home devices on Amazon you’ll wonder how you ever lived without

  5. Amazon Deals
    10:42 Deals

    Today’s best deals: Free $25 from Amazon, $600 projector for $230, $8 wireless charg…

Like iOS apps, Android apps can secretly access photos thanks to loophole

Dan Graziano
March 1st, 2012 at 3:45 PM

The New York Times reported on Tuesday that due to a permission loophole, third party app developers could access an iPhone’s photo gallery app. The paper is now reporting that Google’s Android operating system suffers from a similar security hole. Unlike the iPhone however, which requires an app to have permission to access location data, an Android device that has permission to access the Internet can copy photos to a remote server without notice. “We can confirm that there is no special permission required for an app to read pictures,” said Kevin Mahaffey, chief technology officer of Lookout Security. Read on for more.

A Google spokesman told The Times that the lack of restrictions on photo access was a design choice from the way early Android phones stored data. The first Android smartphones had the ability to store photos on a removable memory card, which complicated the issue of photo access.

“We originally designed the Android photos file system similar to those of other computing platforms like Windows and Mac OS,” the spokesman said. “At the time, images were stored on a SD card, making it easy for someone to remove the SD card from a phone and put it in a computer to view or transfer those images. As phones and tablets have evolved to rely more on built-in, non-removable memory, we’re taking another look at this and considering adding a permission for apps to access images.”

Ralph Gootee, an Android developer and CTO of Loupe, created a test application in the form of a simple timer. After installing the app, a pop-up notification requested access to the Internet. When a user sets the timer, however, the app is able to access the photo library and retrieve the most recent images without the user granting the app permission to do so. “Photos if anything are the most personal things,” Mr. Gootee said. “I’m really kind of shocked about this.”


Popular News