Android a photo-slurper too: report
Don’t use smartphones for naughty pics any pics
On the heels of last week’s controversy regarding the photo-slurping habits of iPhones come reports that Android can play similar games with privacy.
Following the template it used to demonstrate the iOS vulnerability, the New York Times commissioned an Android app developer, Ralph Gootee of Loupe, to put together a demo app which, once installed, grabs the newest photo on the target smartphone and posts it to a public website.
The exploit depends on a flaw in how permissions are granted by Android: the user is asked whether the app can access the Internet. A “yes” response also gives the app access to the photo library, even though this isn’t mentioned to the user.
While it’s hard to tell whether these privacy issues are deliberate or stuff-ups, it’s increasingly clear that both Apple and Google are struggling with the granularity of permissions. Neither users nor developers want to navigate a phone’s entire feature set merely to work out what an app can and cannot do; but it’s hard to simplify permissions without them leaking from one function to another. ®
A huge problem with Android apps is the 'take it or leave it' approach to permissions. You either accept what the dev claims his app needs to run, or don't install it. Where's the third approach, which would be to install it but replace dodgy sounding permissions with stub implementations? No, your game doesn't need access to my phone book or the internet, so if it tries, it gets an empty phone book and I appear permanently offline...
Re: option c)
But doesn't this mean you need to give the security app access to everything?
Can you trust the security app?
I sense another lawsuit from Apple coming seeing as they did this first...