Two days ago, the New York Times reported on an issue in iOS that allows third-party apps to access your photos if you them grant permission to access your location. That's a bit of a hole in Apple's walled-garden approach to privacy and security, and we quickly heard from sources that Apple was working on a fix.
Today, the NYT is back with news that Android apps can also access all your photos without receiving direct permission, but the situation is markedly different. While the iPhone walls off its photo directory from apps that don't have permission, Android stores photos in a standard directory in the main filesystem. That means pretty much any app can access your photos by default, but it's not a security hole — it's an intended consequence of the system's design. In fact, it's pretty much exactly how a Mac or PC works, which is what Google told us in a statement: the company says Android was designed to allow users to access their photos from a removable memory card. Obviously that's less and less important as modern devices include more built-in memory, so Google says it's considering adding additional permissions settings for photos. The full statement:
We originally designed the Android photos file system similar to those of other computing platforms like Windows and Mac OS. At the time, images were stored on a SD card, making it easy for someone to remove the SD card from a phone and put it in a computer to view or transfer those images.
As phones and tablets have evolved to rely more on built-in, non-removable memory, we're taking another look at this and considering adding a permission for apps to access images. We've always had policies in place to remove any apps on Android Market that improperly access your data.
Given the increased recent scrutiny of privacy and security on mobile devices — and Google's own brushes with privacy-related controversies in the past few weeks — we'd expect "considering" to turn into "implementing" relatively soon. We'll keep an eye on things.