Android Exploit Allows Apps to Film You Undetected: Here’s How to Reduce Your Risk
A recent security risk exposed by software engineer Szymon Sidor has raised a few eyebrows amongst the Android community.
Work outlined in a blog post by Sidor depicts an ultra-secretive exploit that apps can utilize to film you without showing any indication on your device—even hidden from view in your recent apps menu.
After some experimentation, Sidor was able to create an app that, unbeknownst to the user, secretly captures images in the background and relays them to a third-party website.
As you can see in the video, the potential for an app like his to take such pictures—even with the screen off—poses quite a security risk. If privacy is any sort of priority to you, Sidor has outlined a few measures that can be taken to reduce your risk for such an attack.
Android has a security system in place that will not allow an app to access your camera unless it explicitly states its intent to do so. Your chance to review these "permissions", as they're called, comes when you're installing an app.
An app that requests permission to utilize your Camera during installation is one with a potential risk factor. Be sure that you trust the publisher of this app when installing, and read the app's description and reviews on Google Play to better understand what permissions are being used.
Apps that you are unfamiliar with or no longer use should be removed from your device. Head to Settings, then Apps, and scroll through the Downloaded tab to review apps.
Tap any unwanted or suspicious app, then hit Uninstall to remove it from your phone or tablet. If an app has been properly uninstalled in this way, it no longer poses any security threat.
Apps that run in the background can be found under Settings -> Apps again. This time, swipe over to the Running tab to review apps that are currently running in the background of your device.
For an app to take discreet photos such as those demonstrated in Sidor's app, it needs to be running. If you find a suspicious app under this list, uninstall it using the method outlined in the previous section.
A recent update to Android—version 4.4.3—closed many security loopholes, but it appears that this one wasn't among them. Hopefully Google will issue a fix for this risk soon, but until then, try your best to remain vigilant in the monitoring of your installed apps.