Recent reports indicate that your cat videos, sex pics, and that video you took of that hot hipster on the subway are not safe on your phone if you authorize certain application features. Seemingly, it was only a problem for iPhones and iPads. False! Google’s Android apps are also quite invasive; more so, in fact, than Apple’s:
It turns out that Google, maker of the Android mobile operating system, takes it one step further. Android apps do not need permission to get a user’s photos, and as long as an app has the right to go to the Internet, it can copy those photos to a remote server without any notice, according to developers and mobile security experts. It is not clear whether any apps that are available for Android devices are actually doing this.
“We can confirm that there is no special permission required for an app to read pictures,” said Kevin Mahaffey, chief technology officer of Lookout, a company that makes Android security software. “This is based on Lookout’s findings on all devices we’ve tested.”
So, whether you’re a British secret agent or an amateur pornographer, look out: your phone is no longer a safe place to store pictures that might horrify your grandmother. Or you, if it happens to be your grandmother’s phone. Yikes.
According to Google, the problem has to do with the ways in which the apps were configured to store data; originally, the apps functioned to make transferring data from removable memory much easier.
“We originally designed the Android photos file system similar to those of other computing platforms like Windows and Mac OS,” the spokesman said in an e-mail message. “At the time, images were stored on a SD card, making it easy for someone to remove the SD card from a phone and put it in a computer to view or transfer those images. As phones and tablets have evolved to rely more on built-in, nonremovable memory, we’re taking another look at this and considering adding a permission for apps to access images. We’ve always had policies in place to remove any apps on Android Market that improperly access your data.”
It’s apparently quite easy to configure an application to automatically take your most recent photos and submit them to a photo-sharing website; best of all, the app need mention nothing at all about photos!
Google’s app policy requires that applications be incapable of malicious data theft, but since anyone can publish an app, it’s entirely possible to get one past the goalie.
So, for the love of God, don’t download any apps called “Super Fun Time Love Joy App for Ray of Sunshine,” and make sure you warn your friends and family. Because the last thing you need to see is grandma’s…ahem!…duckface.