There's been a new twist uncovered by the folks at The Verge about apps with no permissions accessing the SD card, and to keep the sky from falling we're going to break down what is going on.
If you haven't read it yet, the stock Android gallery (in versions prior to Android 3.0) decodes Geotags automatically when you sync with your online Picasa gallery, and it stores the information in a cache file on the SD card. This is done so the gallery can be sorted by location. What wasn't mentioned is that this data is already present if you Geotag your images, it's just in a different form. Take this lovely photo:
Open it on any computer and look at the EXIF data (and yes, an app could be written to easily do this on your Android device itself):
Those are pretty exact latitude and longitude coordinates. Plug them into the Google Maps website and you'll get this in seconds:
That's within feet of where Alex was standing when he took this picture. All without this security "hole" being involved, and it took less that 60 seconds to do.
Is this a good thing? Why, hell, no it's not, at least from a security/privacy standpoint. If you're taking pictures at home and geotagging is turned on, anyone who finds your phone (or a malicious app) would be able to find out exactly where you live. Or work. Or sleep. Or pick up your kids. Or cheat on your spouse.
But -- and this is important -- it is something you said was OK to do when you decided to mark your pictures with a location. And geotagging is hardly a new phenomenon. That's why we mentioned that you may want to turn Geotagging off in your camera.
And before anyone starts saying Google should encrypt or force permissions on the pictures folder, understand that means you'll need a bloated, OEM-approved program for your computer that can decrypt and have permission to access the pictures you take. Nobody wants to have to use aTunes to see their photos. Nobody.
Removable storage was designed to be read from any other device. That means the data on it is wide open for the world to see. This isn't going to magically change as long as removable storage is included on devices. We have to take responsibility for our actions, and if we said it was OK to share location data for the pictures we take, that means it's OK to share location data for the pictures we take. It's a side-effect of having removable storage that other devices can read, and the only way to keep things in check is to understand the implications of what you're doing. You may not like it, but unless you design a better method, this is the way it's going to be.
Never store any data you feel is sensitive on removable storage, no matter what mobile device you're using. If an app is storing data on your removable storage you feel is too sensitive, then stop using that app.
Hopefully, this helps you understand what's happening a bit better. Now go shut off the location in your camera app if you need to.
We may earn a commission for purchases using our links. Learn more.
Review: The Dyson V11 is a truly outstanding vacuum cleaner
The Dyson V11 is a unique cordless vacuum that combines a stylish design with outstanding day-to-day performance. Yes, it costs much more than traditional vacuums, but you are getting a lot more here.
Samsung Galaxy S20 review: A near-perfect, pocket-friendly powerhouse
The smallest of the three Galaxy S20 models may seem boring next to its big brothers, but don't be so quick to overlook it. The regular S20 is the best phone for value and the best phone for one-handed power-users and shutterbugs alike.
The latest Steve Aoki concert is even better in VR
Do you miss live concerts? Steve Aoki and Oculus are teaming up to help bring you an immersive live concert in VR on September 30 based on Neon Future IV, the 4th studio album launched earlier this year.
The Xperia 1 II is our favorite phone for shooting video
If video recording is your thing, then look no further than the Sony Xperia 1 II — it offers a large screen, three great cameras, and extremely robust manual video controls.