Yes, hot on the heels of the Fappening, we are now hearing that Android users were almost at risk. The Guardian reports that within the community of hackers that showed iClouds lack of security, another plan was under way that would have been using Android users lack of concern for security against them. It’s so simple, I don’t think I’d even call it a hack.
How would it work you may ask? By simply asking the users for their photos. It appears that the group that had been trading the stolen photos, for what is now believed to be longer than 2 years time, were doing so on image board AnonIB. And it has been discovered that in July, a poster had a not so surprising idea that he was ready to put in to play, had he received financial backing.
The poster’s idea was simple, make an app that asks for permission to the photos on an Android device. You know permissions. Those things that BlackBerry users are always complaining about why Android apps require so many? Those things that will often times make an app not worth it for us to download. Also those things that many Android users simply click right through in order to play the game that they want to play. In this case it was a Flappy Bird clone. And in this case, there was more than a Flappy Bird game happening in the phone. Once the user granted permission for the game to have access to photos, in the background, it would download all the photos on to the developers server.
In this case, we are probably lucky, the poster was scared. He did not want to risk his developer’s license. But he was asking for financial backing to obtain a second license so he could upload to Google Play. Did he receive the backing? Who knows? Is his app currently churning away stolen photos on phones? Possibly. Is he the only developer that has had this idea? I strongly doubt that. It’s time users start asking those questions. And it’s up to them to decide if risking their personal information, their personal photos, if their identity, is worth having the ‘popular’ phone.