Just a couple of days after uncovering the security loophole in iOS, whereby an application can copy the user’s entire photo library and upload it simply by asking for location information in photos and videos,The New York Times is back with similar issue found on Android devices as well.
In case of Android, the issue is a bit more worrying, as was demonstrated by the Times, using the same method they used with iOS. They built a simple time app for Android, which, in its permission dialogue, made no mention of accessing the photos on the device but simply for Internet access. This app was then able to not only access the photos on the device but also post it on a website, all behind the user’s back.
When The Verge contacted Google regarding this, it gave the typical developer argument of it being a feature and not a bug. Google said Android was designed in a way to facilitate access to your files because older devices had memory cards in them. But now that more and more Android device are having a fixed internal memory, the will be looking into adding permission for apps to access images.
Like we mentioned in our previous article regarding the iOS bug, this is no different than the way images can be access on your desktop computer. However, with Google now monitoring apps using its Bouncer program, like Apple, it too has fewer excuses to allow such behavior from apps on its store.