Applications for the mobile operating system Android from Google can handle pictures without your permission, experts have found. This is a legacy left by the previous model, data storage, are justified by the corporation, and promise to change the access settings. Google violates safety standards, experts say.
Applications for the mobile operating system Android from Google can copy photos to a remote server without prior notice to users, The New York Times experts, have found out .
“There is no special permit required for the application to read images, no, – said the director of technology company Lookout, which specializes in software security. – This is based on the results of research devices company Lookout ».
Technical Director Ralf Loupe Guti showed corresponding experiment on one of the test applications. When you install a program requests access to the internet, and when the application starts, it has itself passed to the library with photos, found a recent picture and publish them on a public photo-sharing sites. “Pictures – is one of the most personal information. I was really shocked, “- he cites the publication.
The New York Times did not specify whether or not applications use this scheme in practice. Google Inc. acknowledged that such a possibility does exist, promising to consider the possibility of changing the access settings. According to the Internet companies, the lack of restrictions on access to the photos associated with the previous model storage Android-devices. The first smartphone based on Google’s OS could save the images on a removable memory card, making it difficult to access the picture.
For example, a user can give the application access for photos with a single card, but did not allow access to photos from the one that put the device on another day. “We have developed a system similar to those used in other computer platforms such as Windows or Mac OS, – quotes him NYT. – Then the images were stored on the cards SD, they were easy to pull out your phone and insert into your computer to view and transfer images.
When computers and tablets are made with built-in memory, which can not be removed, we again look at the situation and decided to add a resolution that would allow applications to request access to the images. “
Explanation of Google surprise most people, because they are unlikely to know about such differences in a retrieval system, phone,” says the researcher who specializes in privacy and security ashkan Soltan. For them, such permission will Google “is akin to buying a car, which locks only on the doors, but not on the trunk,” he explains.
“We remove the application from the Android Market, which do not properly access the data”, – assured in Google.Users can leave comments about the applications suspicious activity, and the company is considering such applications. Google also has its own security system Bouncer, who with the help of simulations of different situations, checks whether the application to receive, for example, users’ personal data.
But the Android Market allows any developer to submit your application. This means that if a malicious program will bypass the system automatically checks Google, it might eventually appear on many devices