Google's Android has its fair share of problems when it comes to security. Play Store is filled with a bunch of malicious applications that no matter how Google tries, it is not able to make Android a secure operating system.
And now a researcher has come across a major vulnerability in Android OS that would allow camera app to take photos and record videos secretly.
Erez Yalon at Checkmarx (a cybersecurity testing company) discovered the vulnerability that allowed malicious apps to record videos and capture images even with the phone in locked condition. The researcher found this vulnerability while working on Google Pixel 2XL and Pixel 3.?
He submitted these vulnerabilities to Google's Android Security Team on 4th of July and Google confirmed the presence of the glitch more than a month later on August 11. What's odder is that Google initially didn't see this flaw as a high-priority issue. Only when Yalon submitted more details on how harmful it could be for users, Google's team decided to raise the severity of the condition.?
Now, in case you were wondering that only Pixel phones are the ones affected with this vulnerability, you're wrong. The researchers found this loophole on phones by various major OEMs including Samsung. The South Korean giant has also acknowledged the vulnerability.
?Yaron stated in a blog post, "Working directly with Google, they notified our research team and confirmed our suspicion that the vulnerabilities were not specific to the Pixel product line. Google informed our research team that the impact was much greater and extended into the broader Android ecosystem, with additional vendors such as Samsung acknowledging that these flaws also impact their Camera apps, and began taking mitigating steps."
Google responded to this stating, "We appreciate Checkmarx bringing this to our attention and working with Google and Android partners to coordinate disclosure. The issue was addressed on impacted Google devices via a Play Store update to the Google Camera Application in July 2019. A patch has also been made available to all partners."