Android users beware: a loophole in the mobile OS allows apps to take pictures without users knowing and upload them to the internet, a researcher has found.
Such Android spyware would give the user no hint that the camera had been activated, Neowin reports. It could then upload the images to a remote server, again without the user being aware.
The app was developed by researcher Simon Szydor, who describes his efforts on his Snacks for your Mind blog.
He says that Google’s Play Store is already full of Android spyware apps which allow users to take covert photos – switching off sound effects and LEDS – but he aimed to create one which could take pictures without the user knowing at all.
“Using Camera technically requires a preview to be displayed on screen,” says Szydor. “But let’s not get discouraged.”
Szydor found that the preview need only be one pixel – and thus invisible to the users of hi-resolution phones such as the Nexus 5 he tested it on.
“The result was amazing and scary at the same time – the pixel is virtually impossible to spot on Nexus 5 screen (even when you know where to look)! Also it turned out that even if you turn the screen completely off, you can still take photos, as long as the pixel is still there.”
Szydor said that a spyware app could also work even with the screen turned off – and upload additional information such as location – a video demo is shown off here. A similar concept “spyware” app was also discovered by two researchers for Google’s Glass device, as reported by We Live Security.
The app, of course, has to be willingly installed – but Neowin notes that a Forbes report found that some third-party stores had extremely high levels of malware – up to 33%, according to their research.
Author Rob Waugh, We Live Security