Android Apps Can Secretly Copy Photos Without Permission
Recently, iPhone came under fire for theoretical ability for an app access to photos. But it turned out Android can do the same without explicit permission.
“Android apps do not need permission to access a user’s photos, and as long as an app has the right to access the Internet, it can copy those photos to a remote server without any notice, according to developers and mobile security experts. [...]
Google acknowledged this and said it would consider changing its approach.”
Android’s permission structure doesn’t work because:
- Most Android apps require internet access.
- Due to permission overload, many people just agree to all permissions requested.
- Malware author can easily bypass the Android permission screen.
Difference Between iOS vs. Android Photo Access
The huge difference is that iOS apps trying to access photos are required to ask for “Location” permission, which implied photos and videos access with “This allows access to location information in photos and videos.”
Another difference is that Apple is expected to figure out a solution quickly, while Google is “considering” whether lack of user privacy is a problem.
In addition, no matter how quickly the companies resolve the issue, iOS users will quickly get an update, while Android users won’t get timely update for the problem.
- Apple: Contact Collection by Apps Against Guideline, iOS Update to Address Issue
- Android apps including those in Google Play Store vulnerable to MitM remote code execution exploit
- Free Apps Can Waste 75% Battery Life Tracking Users & Serving Ads
- Malware Android apps from Google Play infects Windows PCs: #thenextbigthing
- HTC Adds Huge Security Holes to Android Phones