Some researchers have shed light on a security flaw that could allow Android apps to spy on users
You could be spied on by your Android camera. The alarm comes from several researchers, ready to highlight a security flaw that could allow some apps of the Mountain View operating system to observe users without their knowledge.
It was the security company Checkmarx that detected the bug, which could allow a user to take control of the phone’s camera and take snapshots or record videos, through certain applications that do not require any authorization from smartphone owners.
The Samsung and Google phones seem to be the most at risk, and researchers have spoken of a quantifiable potential in “hundreds of millions of affected users”.
But Checkmarx has made it known that it has also informed other companies, because they too could be vulnerable to the same security flaw.
Hackers could use your Android camera to spy on you
The researchers found that hackers have the ability to access videos and photos in the archive and use the camera even when the app is not open.
In addition, they discovered that the phone’s sensors (those that detect users’ proximity to certain parts of the smartphone) can be used to receive notifications when the device is held close to the face.
Checkmarx had already communicated this to Google and Samsung during the summer, and both confirmed the existence of the problem. In particular, from Mountain View they expressed their feedback on the circumstance in July, through a spokesman:
“We appreciate the fact that Checkmarx brought the issue to our attention, working with the company’s partners and the Android system to coordinate disclosure.”
They then specified that they had solved the problem on the affected devices by updating the app, also explaining that they had made it known to users:
“The problem was solved on the Google devices concerned through an update of the Play Store to the Google Camera application, in July 2019. An update patch was also made available for all partners.”
Instead, Samsung told CNN that it had released a patch as soon as the defect was detected:
“We recommend all users to update their devices with the latest software to ensure the highest possible level of protection”,
a company spokesman said.