Since last year, Google Android has been under constant scanner of security experts. After the shocking revelation of how Apple iOS allows access to photos, now the Google Android is being pulled for the same reason. NY Times reported that even Google Android offers free gateway to any Android App to access user’s photo without any specific permission required.
Of course, as long as the app has right to connect to the Internet, it cannot copy the photos to remote location. Google spokesperson acknowledged the existence of such no-permission to access photos function and stated that it was a design choice related to how user stores data. A similar issue was found in the iOS devices as well.
Users love downloading new fancy apps on their Android smartphones that will let them enhance photos or share them quickly over social networks. Besides, there are several other apps that can easily gain access to the photos. When NY Times raised flag against this issue with a proof of concept app prepared by one developer, Google acknowledged the existence of such approach.
However, a Google spokesperson explained that Android’s photos file system was initially designed by looking at the one in Windows and Mac OS. So the images were stored on the removable storage (SD card) and one could easily take out to transfer the images or view them in different system.
Ralph Gootee, chief technical officer of Loupe (a company which develops mobile apps), made the proof of concept app to test if it could access photos and was shocked to see that the app could. Gootee stated that photos are the most personal things and it indeed was shocking to see that any app could access them.
Google tests all the newly submitted apps through a security system called Bouncer that runs the app in simulation and checks for any hidden features or loopholes. Only after getting a clearance for Bouncer, the app makes its way to Android Market.
In Android Security Guide for developers, it has been clearly mentioned that the any third party app has no permission to perform any operations such as read and write data that could adversely impact the other apps or operating system and certainly not the user.
In a nutshell, the storage access for photos Google Android has been designed in a way that the apps could gain permissions to access the photos from memory card and even internal storage of the phone. But now Google has acknowledged the potential privacy hazard over here and promised to release a fix for it soon.