Wednesday, March 22, 2023

More Android security problems

TL;DR: all photos that were cropped on Google Pixel Android phones from 2018 until this month didn't actually delete the cropped data which can be recovered.  If the cropping was done for purpose of privacy or redaction, then the photos (which very well may have been shared on social media) are not secure at all.

Details: security is a subtle thing - one day you can be secure and the next day not.  This problem came from a change in the Android OS.  The way one of the OS functions worked in Android 9 changed with Android 10.  But the implications of this were subtle and app developers didn't realize the implications, so the Markup app that functioned securely under Android 9 suddenly functioned insecurely under Android 10.  We've actually seen this before (note: this is one of my favorite posts here).

So what do you do if you have one of these phones, and pictures that you've cropped?  Well, the new Android updates fixes the bug, so you don't need to worry about new pictures that you've cropped.

But every one of your pix that you cropped between 2018 and this month can expose cropped data.  You'll have to decide if this is a problem for any particular picture.  If it is, you should display the picture in full screen mode and then take a screenshot - and then delete the original picture.


Peteforester said...

If you want to keep your photos private, AIR-GAP THEM! Use a CAMERA with NO WiFi capability! Store them LOCALLY on a THUMB DRIVE that is DISCONNECTED from the computer when not actually being accessed! If possible, access them on a computer that is AIR-GAPPED; NOT connected to the 'net! Save your phone camera for the BS pictures!

blogger said...

Pete, that's good advice. But most people want to share their photos on social media, and cropping is a convenient way to get rid of stuff you don't want to share.

The problem here is that they thought they were getting enhanced privacy when they weren't.

- Borepatch

Old NFO said...