So it turns out you probably weren’t being paranoid. Your phone really is listening to every word you say, just not in the way you thought.
There are a number of (frightening) ways that Google tracks and uses your personal data, search histories, and so on. If that isn’t bad enough, now outside entities are using Android to record you without you knowing.
Way back in July, when we were all distracted by Android co-founder Andy Rubin’s seemingly limitless creepiness, cybersecurity firm Checkmarx uncovered a security flaw in Android’s operating system.
The flaw made it possible for malevolent apps to hijack smartphones, and use the camera to record video and audio clips which were then uploaded to an external server without the phone user’s knowledge.
I was rocking an Android phone back then. I’m going to add this to the long list of reasons I’m glad I switched to an iPhone.
Business Insider reports that Google and Samsung have patched the flaw in their devices, but Google says that other Android devices could still be at risk.
“We appreciate Checkmarx bringing this to our attention and working with Google and Android partners to coordinate disclosure,” a Google spokesperson told Business Insider in an email. “The issue was addressed on impacted Google devices via a Play Store update to the Google Camera Application in July 2019. A patch has also been made available to all partners.”
Forget a ‘patch’, I want a complete overhaul. Google is playing this down, but it’s a major privacy violation.
Checkmarx developed a proof-of-concept app in order to test a worst case scenario for exploiting the security flaw. Researchers found that their malicious app could easily bypass a security restriction meant to prevent apps from accessing an Android camera without permission.
“We also found that these same vulnerabilities impact the camera apps of other smartphone vendors in the Android ecosystem … presenting significant implications to hundreds of millions of smartphone users,” Checkmarx research head Erez Yalon wrote in the firm’s report.
I have a lot of questions. Who was responsible? Where is the stolen video and audio now? Has it been deleted or recovered? What was it used for?
While we wait to find out the answers, here’s what you can do to protect yourself:
- Update your app, and make sure that you’ve installed the latest updates on your phone more generally. A patch has been rolled out for all Pixel and Samsung devices, so making sure your software is up-to-date is the easiest way to make sure that you’re protected.
- On Pixel phones, navigate to Settings > Apps and Notifications > Camera > Advanced > App Details. If the app has been updated since July, you’re safe.
- Finally, if you have a device that isn’t a Pixel or Samsung and you’re a little more technically minded, you can check your vulnerability by running the following command:
If doing so forces your phone to record a video, then you are in trouble.
I can’t tell you what to do next.
My first instinct would be to throw the phone on the ground.
It might be time to make the switch to Apple.
[source:businessinsider]
