Earlier this week, we reported that rogue iOS apps can steal your photos. But it transpires that Androird has a similar — much more widespread — problem.
According to the New York Times, no apps that run on Android need permission to grab a user's photos and, as long as an app has permission to access the internet, it can easily copy them to a remote server without you noticing. It's not clear which apps do this.
Kevin Mahaffey, chief technology officer of Lookout, a company that makes Android security software, told the NYT:
"We can confirm that there is no special permission required for an app to read pictures. This is based on Lookout's findings on all devices we've tested."
Google has acknowledged the problem — stating that it was a design choice and not an oversight — but has said it will consider fixing it. In fact it seems to be a legacy issue, with the design choice relating to decisions made about how the very first Android phones saved and shared data.