Not Just iOS: Android Apps Can Secretly Copy, Upload Photos

[ap3x]

[citation][nom]igot1forya[/nom]I think the idea is that Android people know what there getting into - Apple people don't. It's like giving a loaded gun to a baby or something.[/citation]

This idea that "Apple People" somehow do not know what they are getting into is absolutely ridicules. Please explain that. You knew about this issue about Android already?

Here is a fact, we on Toms Hardware and other technical sites represent less than 5% of the total user base for both IOS and Android devices. So your logic and others that say the same stupid crap about everything Apple is completely wrong and not based on anything measurable. Just another Android flag waiving statement that does not do anyone any good.

 

[kenyee]

I'm surprised this wasn't mentioned wayyyyyy back

The essential issue (mostly a non-issue because *every* app developer knew about this, apparently except for the NYT writer who's not a developer but is a shocked user because no one explained it to him) is *everything* has access to /sdcard. It's sort of a free for all area. There's no area on the SD card that's only for your app's data. There's no way you can lock people out. It's a shared space that everyone uses as "temp" space. The Photo Gallery/Camera use this as their "temp" space as well, so it's more a fault of the camera app. When you bring up the gallery chooser, you get a link back to some file on the sd card.
The only thing that's "private" (your app only) is the app's sqlite3 database and even so, backup programs can grab your sqlite3 database. If you want security, implement encryption in your app for your data.

Hope that clears things up on how things look from the developer's standpoint...

 

[Anomalyx]

Doesn't an app need "SD card read" permissions to read the photos on my SD card? Do people not think about this before downloading an app?

 

[zak_mckraken]

The shocking part is not that the app has access to pictures, or any other data for that matter, it's the fact that it can upload it anywhere without explicit user content. When I install an app and I get the message that the app needs "access to local files" and "access to the internet", I don't assume that the app will "upload my files to the internet without my knowledge, let alone my consent". Sure, the developper could just add a EULA and we would be forced to either accept, or not use the app at all, but at least we would be informed. Juste like South Park's CentiPad...

 

[WyomingKnott]

I find it interesting that Google Maps on Android requires access to the path to record audio. It can eavesdrop on me. No, thanks.

 

[aftcomet]

In a place of rapid change, people need to be careful how they present themselves in the digital world.

Once it's popular and out on the internet, it's virtually there forever.

Not to say we don't need privacy, but until something is brought into place, people need to exercise caution.

 

[A Bad Day]

"Everyone is peeking. Why can't we?"

 

[Djhg2000]

It all comes down to users not reading the permissions list and try to understand what consequences they might result in.

I checked the permissions of an FTP app, and sure thing, storage _was_in_fact_listed_as_a_permission_.

People already have the tools needed to see this and yet they still complain about the world not being idiot proof. If you have a brain, use it for crying out loud.

 

[Guest]

When you install a program on a computer you do so with the understanding that the program can access everything and do anything on that computer. I wonder why it is we expect so much control over apps on smart phones / tablets when we never have for computers.

 

[blazorthon]

Okay, not that I'm complaining, but why were both of my comments thumbed down? What did I say that was wrong? If I'm wrong about something, I would be thankful for someone explaining why I'm wrong instead of just basically telling me I'm wrong without giving a reason.

Am I wrong for already thinking that this stuff was obvious and for being cautious? I thought it was important to be cautious, especially with electronics, even more so for mobile devices. Am I wrong for recognizing that more tech savvy people are in the minority of customers and stating that fact? Am I wrong for recognizing that privacy is almost null most of the time?

Isolating a problem doesn't fix it. Not telling me what the problem(s) was instead of telling me it doesn't solve my apparent ignorance, it only isolates it.

 

[alextheblue]

[citation][nom]tonytopper[/nom]Couldn't most Windows "apps" you install do this? Haven't they always been able to do this?I wouldn't be surprised if the same is true for Macs and even Linux machines.[/citation]Yes but people seem more likely to download tons of random apps for phones. Part of it is "doing dumb things with smartphones", part is the ease of use, and part is the "phones are safe" mentality. Just like how most Mac users still think their OS is impervious to attack.

Meanwhile, a typical PC has protections. Some are built-in to Windows and are kept current via Windows Update. Others are additional software added by the OEM and users. Either way, people are aware of the need for protection on PC. I'd bet most smartphone users don't run anti-malware or anti-virus software.

 

[alextheblue]

[citation][nom]NotThatAnonymous[/nom]When you install a program on a computer you do so with the understanding that the program can access everything and do anything on that computer. I wonder why it is we expect so much control over apps on smart phones / tablets when we never have for computers.[/citation]So you're running Windows XP vanilla with no service packs and no additional security software? No? You have a bunch of layers of protection, starting with reputation/source of the software. My personal favorite: A firewall with outbound program control.

 

[upgrade_1977]

Nothing is safe anymore..

 

[house70]

[citation][nom]alextheblue[/nom]So you're running Windows XP vanilla with no service packs and no additional security software? No? You have a bunch of layers of protection, starting with reputation/source of the software. My personal favorite: A firewall with outbound program control.[/citation]
That's what I suggested, too. Guess the drones that didn't like that don't even know what a firewall is.

 

[angerftw]

Hearing this just days after the report that iOS apps would secretly access your photos and upload them online, is like the time we heard a Galaxy S II exploded just a day after an iPhone caught fire in an Australian plane.
iFanboy Propaganda 4s

 

[K2N hater]

@all those who claim the same happens to Windows

Microsoft has been planting backdoors in Windows for over 10 years now. It all begun with the NSA key which was found in 1998 and affected all Windows NT (SP5 and higher) worldwide. Nowadays things aren't much different either - actually they're even worse for the following reasons:
1. Microsoft uses Internet connectivity to collect user/computer/network data with the excuse of controlling piracy. We can't be really assured they don't use the data for other means;
2. Lots of software companies do it as well (including antivirus and games companies) and some may also collect browsing habits and user data;
3. We know browsers will always have security flaws (and let's add browser extensions such as Flash and Acrobat introduce some more) and even well-known companies are to use them to install rootkits. Some of these rootkits are not detected by antivirus software and may bypass certain firewall software;

And then we come to conclude x86 Windows is certainly not a friend of privacy but users can still learn how to defend themselves and to make their home PCs less vulnerable to these privacy breaches, something that tablet and smartphone users cannot and will not.

 

[K2N hater]

Side note: concerning the last paragraph x86-64 versions are also affected and other architectures are just as vulnerable as their user growth.

 

[blazorthon]

@K2N hater

How much do you think of the bloat in Windows is just privacy invading crap?