On the heels of iOS apps getting caught uploading user contacts and photos, Google’s Android operating system for phones and tablets is under fire for a similar vulnerability. As it turns out, if an Android app has access to the Internet, it can upload your photos without asking permission.
According The New York Times Bits blog, almost any Android app is capable of access user’s photos without them knowing.
To test the idea Bits had an Android developer create a custom app. The app billed itself as a simple timer that asked for permission to use the web. After the app was granted permission it uploaded the user’s latest photo to a remote server.
When Bits asked Google about the situation, Google said that the unrestricted access to photos was a design choice.
In the past Android stored photos on microSD cards. Apps would have to ask for permission to use each card, which could get complicated if the user had multiple cards. Then, as Android devices changed to rely more on internal storage the apps didn’t need to ask for permission.
With the new details coming out, the Google spokesperson said the company is “considering adding a permission for apps to use images.” That way users would know just when apps are accessing their photos.
It’s unclear if any apps in the Android Market currently use this trick to upload photos without user permission, but, given the amount of malware on the platform, it wouldn’t be hard to imagine a few apps out there do.
Hopefully Google will force apps to ask permission before uploading your photos to the Internet. Most users aren’t switching SD cards and many phones have internal storage, so the change would have a minimal negative impact on users.