X

Sign in

Forgotten your password?
... or login with Facebook:
Don't have an AndroidPIT account yet? Sign up

How Android Apps Can See Your Photos and Location Without Permission

Steven Blum
0

A few weeks back, Eric brought us a story about how certain nefarious apps could possibly peruse your smartphone’s camera gallery. Now it turns out the security breach is much more serious, allowing any app to see not only your photos but where they were taken, all without asking permission to do so before installation. 

The major security breach was first spotted by Paul Brodeur from Leviathan Security Group. Brodeur created an app called No Permissions that can access photos and the geotags for those photos right from the gallery app on Android. “Stored completely unencrypted in a file called Chunk_0 is a list of all the locations which matched those of our home, work, family, significant other, friends and even holiday destinations,” writes the Verge’s Aaron Souppouris.

The information seems to have been generated by Picasa Web Albums – even if the user never agreed to share the information with Picasa OR Google. Even with Picasa Web Album syncing turned off, the location seems to be saved to the phone. And since Google has never required apps to declare whether or not they’re accessing your smartphone gallery, this information could be pulled without the user ever knowing what’s happening.

Here’s how the information could then be sent to a remote server without asking for a single permission. Say you’re playing a racing game. The racing game could potentially trigger your browser to start without asking you for permission to connect to the Internet. Then, when it shows how your racing stats compare to competitors, it could covertly send your photos and locations to a remote server. No permissions asked, no problem.

Google says it plans on adding permissions for apps to access images in the future. We hope they start doing so NOW. Until Google gets its act together, you can prevent these apps from communicating with external servers by making sure you have your 3G and WiFi connections disabled when playing around with potentially suspicious apps. Sure it’s a pain in the ass, but better than having your photos beamed to god knows where.

Seems like the whole concept behind "permissions" needs a serious overhaul. 

Ad

FOLLOW US:

 

Hot Topics » all news

Sony Xperia Z gets the Yankee Treatment

Want the iOS 7 Look on Your Android? Download This Skin

Design Concept of Android 5.0 Key Lime Pie

Screen Resolutions: When is enough, enough?

[Survey] What was your first mobile phone?

MOST ACTIVE TOPICS » Forum

14

What was your first mobile phone?

in General / Feedback / Suggestions by Loie Favre
13

What was your first computer game?

in Café AndroidPIT by Loie Favre
4

What is your prefered tablet size?

in General / Feedback / Suggestions by Loie Favre
3

Kazam new phone startup

in General / Feedback / Suggestions by Anthony Muzonzini

UNANSWERED TOPICS » Forum

0

My Cat Photo Sticker (Pre-launch)

in Let me show you my app... by Inexco
0

[GAME][2.3+] Bunch of words 1.6 (Need feedback)

in Let me show you my app... by Pavel Olisov
0

Enjoy maths with Kids Math...!!

in Let me show you my app... by Sarah Lomax
0

[FREE][APP] Local Escalation

in Let me show you my app... by HIGHSCORE
AndroidPIT App in Google Play
Ad