Published: Wed, November 20, 2019
Electronics | By Kelly Massey

New Flaw Lets Rogue Android Apps Access Camera Without Permission

New Flaw Lets Rogue Android Apps Access Camera Without Permission

Android is meant to prevent apps from accessing the camera and the microphone on a smartphone without user permission, but with this particular exploit, an app could use the camera and the microphone to capture video and audio without express user consent.

"A malicious app running on an Android smartphone that can read the SD card, not only has access to past photos and videos, but with this new attack methodology, can be directed to initiate (take) new photos and videos at will", the researchers said.

Thanks to a security flaw, Android apps had the ability to take photos and record conversations without users knowing it. The issue (filed under CVE-2019-2234) affected Pixel phones, but further spilled over to devices from Samsung and other manufacturers.

"These same vulnerabilities may affect other smartphone vendors and likely impacts hundreds of millions of Android users worldwide", states a demonstration video that Checkmarx posted on YouTube.

Checkmarx confirms that both Google and Samsung have issued a fix.

The flaw was uncovered by the cybersecurity firm Checkmarx in July, and its findings were published Tuesday, Ars Technica first reported.

Rob Gronkowski refuses to rule out National Football League comeback
It's just going to be a great overall fun themed party where it just brings entertainment and joy to people's lives". The Feb. 1 event will feature performances from Diplo , Kaskade, Rick Ross , Flo Rida and other artists.


On Pixel phones, navigate to Settings Apps and Notifications Camera Advanced App Details. "Our researchers could do the same even when a user was in the middle of a voice call".

The flaw also gave an attacker access to stored media on a device, as well as the Global Positioning System data on photos and videos in its library. A patch has been rolled out for all Pixel and Samsung devices, so making sure your software is up-to-date is the best way to ensure you're protected. They found multiple vulnerabilities relating to permission bypass issues which could allow an attacker to use the app to take photos and record videos via a rogue app.

In response, Google said: "We appreciate Checkmarx bringing this to our attention and working with Google and Android partners to coordinate disclosure". Both companies approved the publication of Checkmarx's report this month. However, the company might be too thirsty about collecting personal data to show individualized ads, as its Quick apps application has been blocked by Google Play Protect because of potential tracking issues.

Checkmarx submitted this vulnerability report to Android's Security team at Google in July.

Now Google has also confirmed the same and released a patch for this camera flaw to Android partners.

Like this: