The most recent leak of nude celebrity photos paved the way for heightened concern for security in mobile devices. However, because the breach involved iOS devices and services, Android users are being a little bit more lax about the incident. But as it turns out, no one is safe, as a plot to steal photos from Android devices has been revealed.
Before apps can be downloaded on Android devices, a barrage of permissions must be allowed. The same is true for iOS devices but the difference is that Android doesn't allow individual permissions to be blocked. This means users either approve all permissions or they don't get the app they are interested in.
This isn't a new flaw and Google has already received plenty of criticism for the lack of control they offer users when it comes to permissions. But while users are lamenting this flaw, hackers are out exploiting it.
AnonIB is an image board spun off from the 4chan community. On the board's /stol/ (short for stolen), a post in July detailed how a clone of the hugely popular Flappy Bird app could be used to steal photos on Android devices.
"Gentlemen. I am a fucking genious. I have developed a flappybird clone. Hear me out. I.. modded... the app," wrote an anonymous poster.
According to the post, the Flappy Bird clone will download all phone pictures in secret while the game is running. The genius didn't want to risk their developer license by releasing the app but was willing to create a second account for the purpose of getting wins or stolen photos, asking for support from anyone who would like to help finance the pursuit. All the poster needed was $20 for a new developer license and the app store entry will be shared on the thread.
"You get girls to download it and play ONCE, and you'll get all the win you wanted, if it was there," the post adds.
The poster is believed to be a part of the group of hackers responsible for the most recent leak of naked celebrity pictures. Experts are saying the groups members found each other through the /stol/ forum and may have been already stealing personal photos and selling them for two and a half years now at least. Hackers also connected with "hoarders," the people who patronize stolen photos, through the forum.
Google actively keeps tabs on Android apps but most of the work is done after an app has already been released. The company has not made any comments about this issue.