Harvesting EXIF data in this way has actually been documented in the past when Shutterfly was caught doing it in 2019. This change also doesn't affect intent actions that launch the user-specified default camera app, including _ACTION_STILL_IMAGE_CAMERA, _ACTION_STILL_IMAGE_CAMERA_SECURE, or _ACTION_VIDEO_CAMERA. A user can set a third party camera app as the default camera app. This change does not affect users' capability to install and use any camera app to capture images or videos directly. If you want a specific third-party camera app to handle your app's intent, you may do so by explicitly specifying the third-party camera app’s package name to fulfill the intent. To receive EXIF location metadata from the pre-installed system camera app when using intents that have one of the preceding intent actions, your app must declare ACCESS_MEDIA_LOCATION in addition to the ACCESS_COARSE_LOCATION or ACCESS_FINE_LOCATION permission. This is designed to ensure that the EXIF location metadata is correctly processed based on the location permissions defined within the app sending the intent. In a response to The Verge, Google explained that this change was made to "keep bad actors from potentially harvesting your location." This explanation was also added in an update to the list of changes in Android 11, along with more technical details and a clarification that this does not inhibit the ability to install and use third-party camera apps. Google attributes the change to potential geotag hijacking Android 10 gave back a full set of apps, but Android 11 reported nothing, not even Google's own pre-installed Camera app. I ran a test with some simple code to query for the camera apps on a phone, then ran it on devices running Android 10 and 11 with the same set of camera apps installed. Not only does Android 11 take the liberty of automatically launching the pre-installed camera app when requested, it also prevents app developers from conveniently providing their own interface to simulate the same functionality. we believe it's the right trade-off to protect the privacy and security of our users." - Google Issue Tracker. Perhaps some users were tricked into setting a malicious camera app as the default and then using it to capture things that should have remained private. Privacy and security are cited as the reason, but there's no discussion about what exactly made those intents dangerous. Google describes the change in a list of new behaviors in Android 11, and further confirmed it in the Issue Tracker. If you want your app to use a specific third-party camera app to capture images or videos on its behalf, you can make these intents explicit by setting a package name or component for the intent. If more than one pre-installed system camera app is available, the system presents a dialog for the user to select an app. Starting in Android 11, only pre-installed system camera apps can respond to the following intent actions:
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |