Google, Samsung Confirm Camera App Flaw That Takes Photos Of Users Without Permission

Google and Samsung both confirmed that a recent security flaw involving Android’s Camera app was discovered by third-party researchers. This flaw allows attackers to take photos and videos and even upload all of these media to a remote server without the user knowing any of it. This, apparently, can be done through an app that on the surface, does not look anything like something that would take secret photos of you.

In recent research done by Chekmarx, the Camera app of the Android operating system seemed to be vulnerable to malicious rogue applications that secretly open it, uses it to take photos, videos and even record voice calls. Now if the user will be extra careless and grant the malicious app storage permissions, then the ability to upload photos and videos taken to a remote server is also there.

Google, after confirming and acknowledging the threat that the discovered flaw posed to users, sent out an update that fixed it and issues a patch update to other partners as well.

“We appreciate Checkmarx bringing this to our attention and working with Google and Android partners to coordinate disclosure,” Google told Checkmarx. “The issue was addressed on impacted Google devices via a Play Store update to the Google Camera Application in July 2019. A patch has also been made available to all partners.”

Samsung also late confirmed that they were affected.

Checkmarx also gave some final words to Android users, enduring them of their advocacy in internet and online safety, as well as reminding everyone that safety should be a priority of everyone.

“This type of research activity is part of our ongoing efforts to drive the necessary changes in software security practices among vendors that manufacture consumer-based smartphones and IoT devices while bringing more security awareness amid the consumers who purchase and use them,” they said in the same report. “Protecting [the] privacy of consumers must be a priority for all of us in today’s increasingly connected world.”

Checkmarx conducted the research back in July 2019. Google and Samsung gave permission to publish the details of the research this month.