fuNctioN cReeP

Friday, March 02, 2012

Android Apps Don't Require Permission to Steal Your Photos

(nytimes)
It’s not just Apple. Photos are vulnerable on Android phones, too.

As Bits reported this week, developers who make applications for Apple iOS devices have access to a person’s entire photo library as long as that person allows the app to use location data.

It turns out that Google, maker of the Android mobile operating system, takes it one step further. Android apps do not need permission to get a user’s photos, and as long as an app has the right to go to the Internet, it can copy those photos to a remote server without any notice, according to developers and mobile security experts. It is not clear whether any apps that are available for Android devices are actually doing this.

The Apple and Android problems are a reminder of how hard it can be to ensure security on complex mobile devices that can run a vast array of apps. Android apps are required to alert users when they want to retrieve other kinds of personal data — like e-mail, address book contacts or a phone’s location — so the lack of protection for photos came as a surprise to some experts.

“We can confirm that there is no special permission required for an app to read pictures,” said Kevin Mahaffey, chief technology officer of Lookout, a company that makes Android security software. “This is based on Lookout’s findings on all devices we’ve tested.”

In response to questions, Google acknowledged this and said it would consider changing its approach...
(more)

Written at 4:22 AM by rene - PermaLink

0 comments

0 Comments:

Post a Comment

<< Home

To get the oil price, please enable Javascript. To get the BRENT <a href="http://www.oil-price.net/dashboard.php?lang=en#brent_crude_price_tiny">oil price</a>, please enable Javascript.

Home
RSS

cryptogon.com
InfoWars
PrisonPlanet TV
The SCP
RFID Update
EFF
EPIC

TERMINOLOGY

fuNctioN cReeP: is what occurs when an item, process, or procedure designed for a specific purpose ends up serving another purpose for which it was never planned to perform.

Big Brother: an entity that is able to watch over all our actions in a unknown restrictive, controlling way with covert technology or other clandestine activities. It is commonly used to refer to a fear of the day when we will have zero privacy, due to government surveillance and personal accurate knowledge. The term was born from George Orwell's book "1984" where a government controls its citizens through continual surveillance.

The 4th Amendment: "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

Panopticon: first used by Jeremy Bentham as an architectual model in designing a prison. The concept follows that you could save money by building a circular prison with a singular tower in the middle for the guard. By keeping the guard in the dark and all the prisoners in the light, those being guarded could not tell when they were being watched.

Surveillance: In the middle ages, Surveillance was a man on a horse who was called a "scout." Now surveillance includes satellite imagery and aerial photography, sometimes from unmanned aircraft, and computer network hacking. Some more common, everyday surveillance techniques include eavesdropping, dumpster diving, video monitoring, and RFID.

Biometrics: automated methods of recognizing a person based on a physiological or behavioral characteristic. Among the features measured are; face, fingerprints, hand geometry, handwriting, iris, retinal, vein, and voice. Biometric technologies are becoming the foundation of an extensive array of highly secure identification and personal verification solutions.

Iris Scanning is a method of biometric identification; pattern recognition is used to determine the identity of the subject. Iris scans create high-resolution images of the irides of the eye; IR illumination is used to reduce specular reflection from the cornea. The iris itself is a "good subject" for biometric identification, because it is an internal organ that is well protected, it is mostly flat and it has a fine texture that is unique even for identical twins.

RFID stands for Radio Frequency IDentification, a technology that uses tiny computer chips smaller than a grain of sand to track items at a distance. RFID "spy chips" have been hidden in the packaging of Gillette razor products and in other products you might buy at a local Wal-Mart, Target, or Tesco - and they are already being used to spy on people.

The VeriChip passive RFID device is the core of key VeriChip applications. About the size of a grain of rice, each VeriChip contains a unique verification number, which can be used to access a Subscriber-supplied database providing specific information. Once implanted just under the skin, via a quick, painless outpatient procedure (much like getting a shot), the VeriChip can be scanned when necessary with a proprietary VeriChip scanner. A small amount of radio frequency energy passes from the scanner energizing the dormant VeriChip, which then emits a radio frequency signal transmitting the individuals unique verification (VeriChipID) number.