searchenginewatch.com said:Android users have been warned that applications could be sending back photos stored on their phone to remote servers without their permission in yet another major security worry for the popular operating system, according to a New York Times report.
The issue revolves around a permissions loophole that grants third-party app developers the ability to copy users photos to a remote server without notice, as long as a user given the app consent to access the internet.
Google has admitted the loophole exists and may consider changing its approach, according to the report.
“We originally designed the Android photos file system similar to those of other computing platforms like Windows and Mac OS,” a Google spokesman told the NYTimes via e-mail. “At the time, images were stored on a SD card, making it easy for someone to remove the SD card from a phone and put it in a computer to view or transfer those images. As phones and tablets have evolved to rely more on built-in, nonremovable memory, we’re taking another look at this and considering adding a permission for apps to access images. We’ve always had policies in place to remove any apps on Android Market that improperly access your data.”