Samsung Galaxy S8 smartphone
Samsung Galaxy S8 phone. Image credit: Leszek Kobusinski / Bigstock.com.

A security vulnerability in some Android phones allows attackers to access your camera app and invade your privacy (it can even get location data from the photos it takes). The vulnerability uses a loophole in the storage permission to access your camera app (even if you disabled the camera permission).

The storage permission is the one used to access your phone’s SD card or internal storage. That is a critical Android permission, which should only be provided to apps that have to write to or read from internal storage.

For example:

  • E-book apps.
  • Music streaming apps that let you download music, such as Tidal and Deezer.
  • Photo editors.
  • Text editors.
  • Word processors.
  • Many other apps like the ones above.

Updates were already issued for Samsung and Google phones (so far, i’m not sure about the other brands yet) to address the problem. However, it is important to note that providing the camera (or storage) permission to an app you don’t know to be safe is still risky. In addition to that, ensure that you update your phone!

Will device encryption protect me from this hack?: No, device encryption only protects your data from people who don’t have your password, but which are trying to copy off your data. Device encryption should still be turned on, though!