A severe bug in Android, recently identified by Google, allows hackers and third-party apps to access your device camera without your consent. The bug works even when the device is locked or the screen is turned off, so it can be misused to spy on someone through a third-party app.
Google Camera Bug Gives Camera Access to Third-Party Apps
Checkmarx, an application security research company, discovered the permission bypass issue in the Google Camera application and later submitted it under CVE-2019-2234. A malicious app could therefore be created to spy on someone using third-party camera apps that have flooded the Google Play Store over the past few years.
The security researchers at Checkmarx built a test weather application to demonstrate the bug in practice. The app had no permission to use the camera of the device it was installed on; the only permission the dummy app had was for device storage. After installation, the app could take photos and videos using the device's camera without any prior permission. When opened, the application would ask for storage permission in order to store the images and videos in the device storage.
Google has confirmed the entire issue and has appreciated the efforts of the researchers at Checkmarx in bringing it to the company's notice. After being informed about the bug, Google quickly patched it.
“We appreciate Checkmarx bringing this to our attention and working with Google and Android partners to coordinate disclosure,” the company said in a statement. “The issue was addressed on impacted Google devices via a Play Store update to the Google Camera Application in July 2019. A patch has also been made available to all partners.”