Earlier this week, news broke that iOS apps could upload users’ photos from their iPhones and iPads if users had given permission for the apps to access photo location data. It turns out that Android apps can do the same thing with even less explicit permission.
The New York Times hired a mobile development expert to create an Android app that looked like a timer. Before it would install, the app requested permission to access the Internet. If the user agreed, that actually gave the developer access to users’ entire photo libraries, which the app then uploaded to servers and posted to a website.
Google responded to the news by saying that it is “considering adding a permission for apps to access images. We’ve always had policies in place to remove any apps on Android Market that improperly access your data.”