Skip to main content

Android apps accessing user data without asking

Tuesday, 16 Dec 2014

Android applications are able to access a user's personal photos and files on Android version 4.3 or older without notifying them, according to Hong Kong's privacy commissioner.

The region's Office of the Privacy Commissioner for Personal Data (PCPD) yesterday detailed its discovery of the privacy failure in Android's permission model.

The office said it had tested the authenticity of the Android app model - in which all intended access to data stored on the device is disclosed to the user prior to app installation - and found the privacy hole.

"PCPD's tests have revealed that it is possible to develop an app that can read the memory of Android devices, including photos, files, and any data other apps choose to store in the devices, without the need to inform app users on the permission page," the privacy watchdog reported.

It said while Google had addressed the notification of permissions for access to a device's shared memory for Android 4.4, the privacy hole remained a serious issue for the "two-thirds" of Android users running Android 4.3 or earlier.

The office said it made Google aware of the issue in August, and formally requested the company take corrective action late last month.

Read the full story by itnews at: http://www.itnews.com.au/News/398845,flaw-allows-android-apps-to-access-data-without-asking.aspx#ixzz3M1VfBr7r