This sucks. I have a bespoke app that throws ugly HUD data on top of what I'm photographing but that saves me a ton of time by not having to switch to other apps to check. Now that's not gonna work any more? One more reason to move to a Linux phone I guess.
If I'm reading this right, this looks more like it's for intents, so that other apps have to specify exactly which external camera app to use. If they don't do that, then the built-in app is selected. You camera app should still function, though may require an update?
I’m not following the privacy issue: The UI shown in the screenshot requires explicit opt-in to which app is launched, so the user has consented to that app receiving the image that is taken?
I’m also not immediately seeing a non-privacy reason to make this change either...
Yes, and frogblast is saying that they don't see a privacy issue in the camera picker for Android 10 that needs to be mitigated by removing it in Android 11.
This change does not improve privacy, and may even reduce privacy by preventing the user from switching to a free and open source camera app, assuming that the stock camera app is proprietary.
Copy-paste of its summary of the top 30 "beauty camera" apps:
> More than half (16) of these apps are based in Hong Kong or China
> One app doesn’t ask for permission to use your camera, but turns the camera on anyways – without any permission
> Three seemingly separate developers seem to be run by the same group, and may be connected to apps previously found to contain a widely-dispersed Trojan
> The top-ranked app developer Meitu, with more than 300 million installs, had apps identified as malware, violating Google’s ad policies, or secretly collecting data
> One app developer was found to install malware through its software
> One app was accused of sending users pornographic content, redirecting them to phishing sites, or collecting their pictures
> These apps are requesting up to 7 dangerous permissions, 5 on average, most of which are unnecessary for the app to function
> Unnecessary permissions include recording audio, using GPS, and seeing users’ phone statuses
> While only a few permissions are required for the app function, one app includes a whopping 40 total permissions
* The default camera app always takes a photo from the front or back camera
* Custom apps might return a photo from a usb camera, a remote camera, a file or a webpage. Exif data could be faked too.
* The 'security issue' is therefore that apps that ask the user to take a photo to prove something (for example, taking a photo of your passport to prove who you are, taking a photo of a QR code in a shop, etc) cannot have the assurance they want that the photo was just taken.
Not an Android developer, but they list Image Capture and Image Capture secure. Wouldn't it make sense for something like Image Capture Secure to be used by those sorts of apps, and for that to use the optionless device default camera rather than breaking all apps?
I believe "secure" here refers to the camera that is allowed to open even when the phone is locked. It can take pictures, but shouldn't leak user data (eg. Allow viewing old pictures, or browsing contacts in a 'share' dialog, or have any links to webpages which would then allow browsing the internet without unlocking the phone)
If you want to constrain the actions of corporations, you need to pass laws banning their abuses. Whining will do no good whatsoever. Makers of popular platforms ought to be required as a matter of law to keep those platforms open, because it's in the general interest of the public that infrastructure be a platform and not a product.
Can you define "malware"? I am categorically and maximally against viewpoint-based censorship. If an otherwise well-behaving app can be "malware" because it espouses a particular viewpoint, I oppose allowing platforms to ban "malware". If you can define "malware" without reference to viewpoint, sure, censor away.
For example, banning Gab is egregious and unacceptable under my framework.
So how does this stop malicious apps from using the same workaround that Google proposes, as mentioned in the article:
"The documentation advises explicitly checking for installed camera apps by their package names — meaning developers would have to pick preferred apps up front — and sending users to those apps directly. Of course, there are other ways to get options without identifying all package names, like getting a list of all apps and then manually searching for intent filters, but this seems like an over-complication."
the decision now lies with the developer, not with the user. therefore, a malicious camera app developer would have to convince the developers of all targeted apps to support their app instead of the default camera app, which pretty much doesn't work.
24 comments
[ 3.7 ms ] story [ 67.7 ms ] threadI’m also not immediately seeing a non-privacy reason to make this change either...
This change does not improve privacy, and may even reduce privacy by preventing the user from switching to a free and open source camera app, assuming that the stock camera app is proprietary.
A Google search for "malicious camera apps" leads to this from January https://cybernews.com/security/popular-camera-apps-steal-dat...
Copy-paste of its summary of the top 30 "beauty camera" apps:
> More than half (16) of these apps are based in Hong Kong or China
> One app doesn’t ask for permission to use your camera, but turns the camera on anyways – without any permission
> Three seemingly separate developers seem to be run by the same group, and may be connected to apps previously found to contain a widely-dispersed Trojan
> The top-ranked app developer Meitu, with more than 300 million installs, had apps identified as malware, violating Google’s ad policies, or secretly collecting data
> One app developer was found to install malware through its software
> One app was accused of sending users pornographic content, redirecting them to phishing sites, or collecting their pictures
> These apps are requesting up to 7 dangerous permissions, 5 on average, most of which are unnecessary for the app to function
> Unnecessary permissions include recording audio, using GPS, and seeing users’ phone statuses
> While only a few permissions are required for the app function, one app includes a whopping 40 total permissions
https://en.wikipedia.org/wiki/Surveillance_capitalism
* The default camera app always takes a photo from the front or back camera
* Custom apps might return a photo from a usb camera, a remote camera, a file or a webpage. Exif data could be faked too.
* The 'security issue' is therefore that apps that ask the user to take a photo to prove something (for example, taking a photo of your passport to prove who you are, taking a photo of a QR code in a shop, etc) cannot have the assurance they want that the photo was just taken.
Discuss!
For example, banning Gab is egregious and unacceptable under my framework.
"The documentation advises explicitly checking for installed camera apps by their package names — meaning developers would have to pick preferred apps up front — and sending users to those apps directly. Of course, there are other ways to get options without identifying all package names, like getting a list of all apps and then manually searching for intent filters, but this seems like an over-complication."