
Summary:

One of Google’s core principles for Android was that app developers couldn’t access personal information unless they asked permission before the user installed the app. Turns out that Android doesn’t extend that protection to some of the most personal data on a phone: photos.

Android undergoing repair

“But that’s the way we’ve always done it” never really works as an excuse for an unforeseen problem. The reasoning behind Android’s ability to let app developers access personal smartphone photos without permission is understandable, but it actually goes against a core Android design principle.

The New York Times has had quite a week when it comes to uncovering ways that rogue application developers can exploit both iOS and Android in order to obtain personal photos. Earlier in the week it reported that iOS applications can access and upload photos stored on your iPhone simply by asking you to share your location with the app (Apple is believed to be working on a fix). On Thursday it reported that Android apps can do the same thing without asking for any permission at all.

How is this possible? Google’s explanation, provided to the Times:

We originally designed the Android photos file system similar to those of other computing platforms like Windows and Mac OS. At the time, images were stored on a SD card, making it easy for someone to remove the SD card from a phone and put it in a computer to view or transfer those images. As phones and tablets have evolved to rely more on built-in, nonremovable memory, we’re taking another look at this and considering adding a permission for apps to access images.

As many have noted, this is sort of how computers have worked for a long time. If an application prompted you every time it needed to access a file, you’d do nothing but approve prompts, as MG Siegler pointed out in a post dismissing the concerns articulated by the Times as similar to those of people who never leave the house because they’re scared of getting robbed.

But the example the Times used to test this out involved a timer app that uploaded photos from the phone when the user started the timer. It’s not unreasonable to suggest that an app designed for the most personal computing device we’ve ever created should have to ask your permission before being allowed to do something completely unrelated to its core function.

In other instances, Google agrees: just look at its response to the Path/iOS address book snafu. When you install an app on a mobile operating system that has been touted by its creators as more secure than the competition because it requires developers to ask your permission to do absolutely anything–and that app does something that it never asked your permission to do–you have a right to be annoyed.

Google won’t even let an Android application access the Internet unless the app developer tells Android that the app intends to access the Internet. Applications have to declare their intention to “write to the SD card,” as Facebook’s Android application does before it is downloaded. But they apparently don’t have to declare their intention to “read from/access the SD card,” which Facebook is obviously allowed to do so its users can upload photos.

The company needs to find a way to require app developers to list something like “access to photo library” alongside the list of permissions it requires app developers to submit before their app is allowed to upload photos. That doesn’t mean the app has to ask your permission every time it wants to access a photo: it just needs to tell Android that it reserves the right to do so once installed and allow potential users to see that intention before they install the app.

Assuming you read that list of permissions before you download Android apps, you might wonder why a timer app needs to access your photo library. And if that bothers you, you might go off and find one that doesn’t feel the need to make a copy of your photos.

Mobile computing isn’t going to turn into a nanny state if Google requires Android app developers to be honest about their intentions, a policy that it applies to just about every other piece of personal information on an Android phone except photos. The only people who lose in that situation are those who would exploit your photos for their own benefit.

  1. Why should be replaced after they were nice, but I hope with this change, it will get better and better.

  2. Well done. Nice article.

  3. This article in no way is biased toward Apple, at all.

    A single blurb how Apple has the exact same problem, and is “believed” to be fixing it. Great journalism there.

    1. Apple’s situation is different, because it has the opportunity to review apps before users install them as well as the ability to ban apps from the App Store that it can detect are accessing photos improperly. Anyone can upload a piece of malware into the Android Market that can masquerade as a legit app but steal photos, although Google might be able to detect such issues with its new Bouncer feature.

      Apple also hasn’t commented on its situation. The Verge reported here (http://www.theverge.com/2012/2/28/2831622/ios-loophole-access-photos-fix-is-coming) that the fix was coming; I had intended to link to that post but forgot, and will add that now.

      1. I’m impressed by the fact you are monitoring and quickly replied to Jack’s concern. Interesting article.

      2. O yeah… and those Path fiasco (many iOS apps did that) and fake apps prove that there’s a big hole at app store either

      3. That may well be true, but the tone of the article…

  4. Craig Herberg Thursday, March 1, 2012

    Indeed, Google and Apple need to fix their image problems. Both need to disable app developers’ ability to access images without permission. Craig Herberg

  5. Anyone know if this is a problem on BlackBerry?

  6. But Google definitely needs to be a bit more cautious with Android going forward.

  7. So, if I want to get copies of your photos, I write a timer app which has user-changeable wallpaper. Then I can request access to your photos. I can put several different chime tones on-line for users to choose (to reduce download size), so I need internet access. Then I do something totally different than what the user expects.

    Change the rules all you want, but it is almost impossible to prevent creeps from being creepy.

    1. It’s important to recognize this business of rogue apps uploading your photos for nefarious purposes is all hypothetical. Unlike the iOS Path address book fiasco, there aren’t any examples of any programs stealing your photos, nor has anyone articulated any reason why they would.

      Google should certainly add a permission for reading SD card data or more specifically photos.

  8. David Longfellow Friday, March 2, 2012

    The only image problem Android has ever had is the false created by Apple fanboi journalists.

  9. Jeff Kibuule Friday, March 2, 2012

    What I really don’t get is that computers have had this power for YEARS. You should be suspicious of ANY app you install because it has access to your entire freaking hard drive.

    1. It’s more about the notion that Google requires app makers to declare their intent to do a lot of things (what app doesn’t want to access the Internet?), but doesn’t require them to do this. It’s an oversight they should correct to be consistent.

      I also think the situation is different in the mobile era because apps are so disposable: people download and install apps without thinking about it quite as much because it’s so quick and easy to do so. That’s why Apple promises to review apps before they can be distributed, and why Google makes an app ask Android for permission before allowing that app to do anything.

  10. There seems to be based. Having developed apps for both platforms, I can say that both are equally as bad. Neither of them are really good but not really bad either.
