We all heard about the recent bug in Facebook that allowed access to camera in an iOS device to the app in the background. Google didn’t stay far behind and a similar bug in Android has been brought to attention in an article published by Ars Technica this week. Researchers at Checkmarx, a cyber security firm came across a bug in the Android ecosystem back in July that let third party app have access to the camera and take photos and record video even when the screen is off.
Google although patched this Android bug in it’s Pixel phones back in July but the fix and patches are still being rolled out by other phone manufacturers. Samsung however has stated that it has already fixed the bug.
How this Android bug worked was that it allowed a third party app to request storage permission from the phone’s user and get automatic access to the camera and geolocation data as well.
Researcher at Checkmarx stated:
Unfortunately, storage permissions are very broad and these permissions give access to the entire SD card. There are a large number of applications, with legitimate use-cases, that request access to this storage, yet have no special interest in photos or videos. In fact, it’s one of the most common requested permissions observed
Checkmarx also uploaded a video on YouTube demonstrating the bug.
Google has also responded thanking Checkmarx:
We appreciate Checkmarx bringing this to our attention and working with Google and Android partners to coordinate disclosure. The issue was addressed on impacted Google devices via a Play Store update to the Google Camera Application in July 2019. A patch has also been made available to all partners.
So it is highly recommended that all users keep their phones updated for the patch to fix this bug.Read more: