Android Apps Accessing User Data Without Asking

There has been a privacy failure in Android versions 4.3 and below and this has been revealed by the Hong Kong privacy commissioner. The issue relates to some of the Android applications being allowed to get through to the private photos, files without seeking their permission.

Loophole In Permission Model

There obviously is some lacuna within the permission model. This fact came to light when officials were testing the authenticity of one of the app models. Further tests conducted by the PCPD exposed the reality that it was possible to come up with applications that would be able to gain access to the memory of the device and thus to the private files of the user, bypassing the permission page. The user thus gets no opportunity to decline permission. This loophole has been addressed by Google in its Android 4.4 versions but it has not been able to root out the issue in versions 4.3 and earlier. Google was informed about this lacuna by the commission in August this year.

Consumers Sharing More Information

The commissioner believes that advancements in technology were leading to the consumers sharing a lot of their private data. It therefore made it incumbent on those using such information to ensure that they built in the necessary safeguards and did not allow any compromise of data security. He said big companies like Google had to walk the talk and ensure they did not renegade on their privacy promises. They had to come up with systems that had robust privacy designs embedded into the system by default and should not expect consumers to be savvy about this feature to be able to take care on their own. Any security system that had to be fixed later on by the consumers was bound to get misused and lie exposed to malicious hackers and malware developers. It was indeed disappointing that a major OS like Android even after 6 years of operations and development had such a serious flaw in it. The PCPD has now advised developers of applications to make sure data encryption processes are followed and stored within the device memory and not depend on consumers to be alert to any breach of security on their own.

Users Encouraged To Upgrade Soon

Google on the other hand says that it has been encouraging Android users to upgrade to higher versions so that they are able to avail of the permission notifications each time an app is made operable or tries to get into the private memory space of the device. It says that the Android 4.4 version comes with enhanced notification alerts that seek the user permission prior to any app seeking access to data. There are also other improvements that users can avail of if they upgrade. Google is therefore effectively putting the onus on the user to acquire adequate protection and that again is fraught with some risk as not many users would carry out this upgrade quickly or accord priority to it.