Android security bug lets your camera take and upload pics without you knowing

A security researcher has found that by creating an app that exploits a simple loophole in Android, he could get a device to take photos with its camera and upload them to a remote server without user permissions.

Published Date
26 - May - 2014
| Last Updated
26 - May - 2014
Android security bug lets your camera take and upload pics withou...

Former Google employee, Szymon Sidor has found a loophole in Android that allows malicious apps to take control of your smartphone cameras and upload the images to an unknown server without you knowing it.

Sidor, who now works as a security researcher stated on his Snacks For Your Mind blog, that he had observed numerous apps on Google Play that were capable of taking photos secretly. Google requires an on-screen preview for apps to take photos, but Google does not have a minimum size requirement for the preview. Since your phone has millions of pixels, you will never spot the one that is showing the preview as it can be as small as 1 pixel. Google can close this by mandating that on-screen previews cover a certain percentage of the screen. The app was also able to capture other details from the device, such as battery level and even the user's current location.

Sidor recreated the loophole in a video which you can check out below. He ends his post with a simple request to Android’s security team: “Please put more effort into ensuring users’ privacy.”

According to CISCO's annual security report, 99 percent of the total mobile malware targets Android devices. The report highlighted that 71% of web-delivered malware was meant for Android devices, while only 14 percent targeted iPhone users. Google has recently announced a change in its Android security system that will keep apps on your smartphone safe from malicious software. The new feature will monitor your Android smartphone continuously to make sure installed apps are not affected by malicious software.

Source: Snacks for Your Mind