Android is one of the few — if not only – operating systems whose disadvantage turned to advantage. Due to the imperfections of the platform, Google can every month to produce a fresh security update with the fix two or three dozen vulnerabilities. At first glance it would be logical if the user is enraged to learn that the search giant’s stockpiled the vulnerabilities in the next few years, but most do not really care. In the end, what’s the point to make a scandal, if the monthly patches are guaranteed only the owners of smartphones Google Pixel? But as it turned out, even they were unprotected from the risk of hacking.
See also: Google's explained why the camera Pixel 4 does not record video in 4K, although that option is available
In firmware smartphone Samsung Google Pixel and there are a number of vulnerabilities that allow attackers to gain control over their cameras, the researchers found in the field of cyber security company Checkmarx. According to them, the flaw allows any application without proper permissions to activate photo or video. And since everything happens in the background, not even requiring activation of the display, the chance that a malicious attack learns the user of the infected smartphone tends to zero.
What’s wrong with the system Android permissions
The vulnerability in question, like many others, is the permission system of Android. Cyber criminals have learned that if you give the app access to the SD card, it will be able not only to read information, which is recorded in her memory, but to access the camera. As a result, the hackers were able to obtain not only images and videos taken with your smartphone camera, but the voice of the user and the user’s contacts with whom he talked on the phone during the recording, initiated by infected application.
Subscribe to our chat in Telegram. It will tell you about all the vulnerabilities of your smartphone earlier than anywhere else. Well, I guess.
Manufacturers of smart phones most of them are trying in every way to limit the ability of one application to access another. However, Samsung, Google and perhaps other manufacturers who do not even know it, was in danger. In fact, all the protective mechanisms that are implemented in the operating system for many years to ensure the safety of its users, turned out to be useless.
Despite the fact that Google rushed to fix the vulnerability, found by experts from Checkmarx, by and large, Android is still vulnerable to all further attacks made with the use of the permitting system and cross-application access. Google has been trying to implement in the operating system Scoped Storage mechanism, which has been formed for each application kind of cell, beyond which it could not. Thus the developers of the search giant wanted to ensure that third-party software could not share information with each other without direct user consent.
See also: Camera Google Pixel 3 is crazy
Originally it was planned that Scoped Storage will be one of the innovations of Android 10. However, it was later revealed that independent developers will have to seriously rework their apps to be compatible with Scoped Storage. And since this is a very laborious process, its implementation would not less than six months. As a result, all that remains Google is postponing the launch of the mechanism, moving it to next year. However, we now know the name of at least one function Android 11.