The 5 true takeaways from Android’s camera vulnerability circus
I don’t know if you’ve read much news this week, but it seems the sky is falling and we’re all terribly doomed.
No, I’m not talking about that news — as usual, that’s another column for another publication — but rather the news that a security flaw in some Android camera apps could turn our phones into privacy-plundering spy portals and bring an end to human life as we know it.
I mean, have you seen some of these headlines?!
- “Hundreds of millions of Android phone cameras can be hijacked by spyware”
- “Android flaw lets rogue apps take photos, record video even if your phone is locked”
- “An Android flaw lets apps secretly access people’s cameras and upload the videos to an external server”
Holy hibiscus, Henry! Even I’m trembling from all of that, and I know it’s a bunch of misguided, sensationalized hooey.
Let’s back up for a sec and provide some context to all of this: A company called Checkmarx (one guess how it makes its money) released a report this week detailing a vulnerability it found in certain Android device-makers’ camera applications. That weakness allowed the firm’s researchers to create an app that could capture and collect photos from a phone without its owner’s consent. And, yes, that vulnerability could have affected hundreds of millions of people.
As usual with these sorts of stories, though, there are some big, juicy buts involved. And those ample, glistening buts are key to understanding what this story really tells us, what we should take away from it, and — critically — why we shouldn’t be cowering in carefully covered bunkers until further notice.
Let’s break it down, shall we?
1. The app at the center of all this was a proof-of-concept creation, with no known real-world implementation.
Before you soil those beautiful britches of yours, remember first and foremost that this whole thing was a security company’s demonstration — an act of researchers actively seeking out a vulnerability to exploit and, y’know, also then use to promote their own product (funny how that always works out, isn’t it?).
It was not, as…