Android-Apps can Take Pictures Without the Users Knowledge [Video]

An expert in the field of information security Shimon Sidor has discovered a vulnerability in the Android operating system, which allows applications to take photos without the owner’s discretion. For this the program itself has to be running and the device screen to be activated. The expert described the features of the new Android malicious code.

Shimon pointed out that according to the Google rules an Android application must display a notice when photographing or recording a video. The person has to be notified that the program is recording. It is not difficult to guess that unwanted images or videos can harm the smartphone user.

Shimon Sidor created an experimental Android-app that actually shows the status of the shooting, but the user would not see it, because the notification “icon” is a 1×1 pixel. Thus, thanks to a tiny dot on the screen the attacker may at any time take a photo or record a video clip from your mobile device. Moreover, the footage may be sent to the server. If the smartphone GPS is enabled, the attacker will also know where the owner of the gadget is.

In the video Shimon demonstrated an application that was secretly sending Google Phone’s camera images to the remote server.

To protect oneself against such malicious applications a user installing the apps has to keep an eye on what permissions they request, change their Google Play account password from time to time and delete unused applications, he said. It is also recommended to monitor background processes of the operating system.

In Google has not responded to this Android vulnerability yet.

Source: macdigger.ru