Is Your Android Camera Vulnerable To Spying?

Is it possible that someone else can get information from your cell phone besides yourself? Tracking apps, third-party apps, and more are now able to easily access your phone information secretly. 

Recently, a weakness was discovered in Android’s in-camera apps which made it possible for someone to record video, audio, and capture pictures. The software would then upload this data to a controlled server without any permission to do so. However, this was only possible if the app had permission to access the phone’s internal storage.

Typically, the storage compartment on your phone is embedded into the device, making it easy for an attacker to gain access. Once downloaded and given permission, the app is able to access the storage unit on your device. If this happens to you, you will be at a much higher risk of phone tracking.   

By just having access to your cell phone storage, these apps could easily access your microphone or camera operating system. They were even able to track your whereabouts due to your phone’s location being embedded into the images and videos on your device.

Google and Samsung have taken the first step in protecting you from this security flaw by releasing new updates. Google stated that devices from other manufacturers may still be at risk. 

How Was This Vulnerability Discovered?

A researcher from the security firm Checkmarx discovered this flaw by developing a rogue application that would exploit the weaknesses. It disguised itself as a weather app and was able to pull this data from the device. 

  • Take pictures and record videos while the app was not open.
  • Access pictures and videos on the device.
  • Pull a phone’s location from any photo or video.
  • Record phone calls. 
  • Silence camera shutter. 
  • Transfer any photo or video on the device to a controller server.
  • Start recording when the phone is near the ear.

Not only was the researcher able to perform all of these tasks on the phone, but they were also able to use the phone’s proximity sensor. Using this sensor, they were able to start tracking when the phone was held to the person’s ear, or gain access to the camera while on the phone. 

Checkmarx Shares Their Findings with Google

The researcher shared their investigation results with Google. Google was thankful that this was brought to their attention. They are beginning to work on a solution that will be released through a Play Store update. Samsung was also notified about Checkmarx’s findings, and they are going to release patches to fix this issue.

Samsung values their partnership with the Android team, and will be working closely with them to resolve these issues. Google shared with Checkmarx that since being notified by Google about the vulnerability, they have applied the same patch to affected Samsung devices.  

 How To Know If You Are Protected

Samsung and Google have both released information regarding patches that they have made to help protect apps from accessing information. Google states that, “the issue was addressed via a Play Store update to the Google Camera application in July 2019. A patch has also been made available to all partners.” Although they claim that these latest updates are already in place, there is no way of checking or monitoring if the security flaw has been patched. 

As long as your camera application has been updated since July of 2019, then this security flaw should be resolved. You will also want to make sure that your Android phone operating system is up-to-date. You can check this by going into the settings on your mobile device.

Staying up-to-date on all your apps is important because developers are being made aware of these types of vulnerabilities every day, and release new updates to help protect your phone. Phone manufacturers have even developed settings within your device that will have your apps update automatically when a new update is released. 

I would strongly recommend you turn this feature on within your device to keep your camera and other applications protected from future vulnerabilities or issues.     

Recent Post: Are Password Managers Safe To Use?