Samsung, Pixel Users No Longer at Risk for Android Camera App Hijacking

Samsung, Pixel Users No Longer at Risk for Android Camera App Hijacking

Many of today’s flagship Android phones have fantastic cameras, but the camera app on Google and Samsung phones reportedly shipped with a nasty bug that could have allowed malicious apps to capture images without your authorization. The companies didn’t know about the bug until earlier this year when researchers from Checkmarx alerted them. It’s a good thing, too. This could have been a huge mess if someone exploited it in the wild.

The report from Checkmarx is a bit surprising because we’re not used to seeing Android bugs like this anymore. Google implemented a robust permission system in Android 6.0 Marshmallow, and it has been strengthening its controls in subsequent versions. So, when apps want to access the camera, users have to approve the request. However, Checkmarx found a method by which apps could take control of the camera on Google Pixel and Samsung Galaxy Phones without asking for permission.

The problem traces back to the Samsung Bixby and Google Assistant AI features and the way they communicate with the built-in camera apps. On these phones, the user can ask the assistant to take a photo. Assistant and Bixby have special status so they don’t have to go through the usual permission dialog. That makes the experience smoother, but it’s also where a malicious app could gain control of your camera.

Checkmarx demonstrated that an app could pretend to be sending voice requests via Bixby or Assistant, but in reality, it was just accessing the camera directly. The app could then send the photos to a remote location without ever asking for camera access. You can see the attack in action above.

Checkmarx reported the flaw to Google and Samsung earlier this year. Luckily, there is no evidence of this attack showing up in the wild, and you don’t have to worry about your phone’s security. Both Google and Samsung rolled out patched versions of their camera apps in July 2019 that prevent third-party apps from imitating voice requests for camera access. So, the bug is fixed, but at its peak, it would have affected millions of phones. Most of them would have been Samsung devices, but it’s still a bit embarrassing for Google as it frequently points out security snafus at other companies.

Continue reading

Android 12 Could Include Major App Compatibility Improvements
Android 12 Could Include Major App Compatibility Improvements

Google has attempted to centralize chunks of Android over the years, and a major component called ART is set to get this treatment in Android 12. The result could be vastly improved app compatibility, which is sure to make everyone happy.

Qualcomm’s New Snapdragon 888 Will Power Flagship Android Phones in 2021
Qualcomm’s New Snapdragon 888 Will Power Flagship Android Phones in 2021

The 888 comes with a new CPU design, integrated 5G, and a massive GPU boost. It's shaping up to be the most significant update to Qualcomm's flagship system-on-a-chip (SoC) in years.

Samsung Starts Rolling Out Galaxy S20 Android 11 Update on Verizon
Samsung Starts Rolling Out Galaxy S20 Android 11 Update on Verizon

Not only does this include the Googley Android 11 enhancements, but it also has numerous Samsung-specific changes as part of the One UI 3.0 revamp.

It Turns Out Huawei’s HarmonyOS Is Still Just Android
It Turns Out Huawei’s HarmonyOS Is Still Just Android

Following the Commerce Department's actions against the Chinese megafirm, Huawei has been unable to use Google services on its new phones. The company's solution was to develop HarmonyOS, but now that we've gotten our first real look at it, one thing is clear: this is just Android with a skin.