Apple’s iOS has gotten itself a bit of negative press lately, mainly concerning the seemingly open invitation for apps to access photos without saying "please may I.." first. Yesterday, it was revealed that apps could – having been given permission to access location data, also access images aswell, meaning you compromise two sets of sensitive data for the price of one.
Today, the New York Times reports that Google’s Android has a similar loophole, leaving images somewhat exposed. Unlike the iOS debacle, an Android device with permission to connect to the Web can then go on to copy photos to a remote server without consulting with the user – a pretty scary thought indeed.
Lookout Security has been studying mobile devices for some time, and Kevin Mahaffey, chief technology officer, said: "We can confirm that there is no special permission required for an app to read pictures."
Android developer Ralph Gootee, CTO of Loupe, went further, creating a test app which consisted of a basic timer. Once the app was installed, the pop-up requested internet access. Once the timer was set, though, the app could access retrieve the most recent images from the photo library without the consent of the user. "Photos if anything are the most personal things," said Mr. Gootee said. "I’m really kind of shocked about this"
Shocking indeed, and the revelation comes at a time when Android isn’t exactly short of issues to contend with. Although the public flogging of the Big G’s device hasn’t centered so much around privacy of late, the amount of malware leaks have been alarming, with new cases cropping up on a monthly basis.
A Google spokesman stated that since the initial versions of Android were created for devices which relied on removable memory, images were usually stored on the card – kept from prying eyes by simply removing said card from the expansion slot. The spokesman went to to promise a review of the whole situation, adding:
"As phones and tablets have evolved to rely more on built-in, non-removable memory, we’re taking another look at this and considering adding a permission for apps to access images."
Both Apple and Google should see to this, pronto. With neither iOS or Android demonstrating watertight, crystal clear privacy, the only sure-fire way to avoid rogue devs from stealing your photos, it seems, is to get a Nokia 3310. Who’s with me?
You may also like to check out: