Android handsets suffer from a security defect allowing malicious apps to snoop on user images, according to a New York Times investigation.
Any app that is granted permission to send data over the internet can take advantage of the loophole. This allows it to copy photos to a remote server without the knowledge of smartphone owners.
While it’s unclear whether the flaw is currently being exploited by Android malware, Google have confirmed its existence.
“We originally designed the Android photos file system similar to those of other computing platforms like Windows and Mac OS,” commented Stephen Rosenthal, communications and public affairs manager at Google UK, to The Inquirer.
“At the time, images were stored on a SD card, making it easy for someone to remove the SD card from a phone and put it in a computer to view or transfer those images. As phones and tablets have evolved to rely more on built-in, non-removable memory, we’re taking another look at this and considering adding permission for apps to access images.”
So far the only solution offered to this information theft threat is Google’s Bouncer software which screens apps for numerous security flaws.