Geotagging, SD cards and the latest Android privacy/security issue

There's been a new twist uncovered by the folks at The Verge about apps with no permissions accessing the SD card, and to keep the sky from falling we're going to break down what is going on. 

If you haven't read it yet, the stock Android gallery (in versions prior to Android 3.0) decodes Geotags automatically when you sync with your online Picasa gallery, and it stores the information in a cache file on the SD card. This is done so the gallery can be sorted by location. What wasn't  mentioned is that this data is already present if you Geotag your images, it's just in a different form. Take this lovely photo:

Open it on any computer and look at the EXIF data (and yes, an app could be written to easily do this on your Android device itself):

EXIF

Those are pretty exact latitude and longitude coordinates. Plug them into the Google Maps website and you'll get this in seconds:

That's within feet of where Alex was standing when he took this picture. All without this security "hole" being involved, and it took less that 60 seconds to do. 

Is this a good thing? Why, hell, no it's not, at least from a security/privacy standpoint. If you're taking pictures at home and geotagging is turned on, anyone who finds your phone (or a malicious app) would be able to find out exactly where you live. Or work. Or sleep. Or pick up your kids. Or cheat on your spouse.

But -- and this is important -- it is something you said was OK to do when you decided to mark your pictures with a location. And geotagging is hardly a new phenomenon. That's why we mentioned that you may want to turn Geotagging off in your camera. 

And before anyone starts saying Google should encrypt or force permissions on the pictures folder, understand that means you'll need a bloated, OEM-approved program for your computer that can decrypt and have permission to access the pictures you take. Nobody wants to have to use aTunes to see their photos. Nobody.

Removable storage was designed to be read from any other device. That means the data on it is wide open for the world to see. This isn't going to magically change as long as removable storage is included on devices. We have to take responsibility for our actions, and if we said it was OK to share location data for the pictures we take, that means it's OK to share location data for the pictures we take. It's a side-effect of having removable storage that other devices can read, and the only way to keep things in check is to understand the implications of what you're doing. You may not like it, but unless you design a better method, this is the way it's going to be.

Never store any data you feel is sensitive on removable storage, no matter what mobile device you're using. If an app is storing data on your removable storage you feel is too sensitive, then stop using that app. 

Hopefully, this helps you understand what's happening a bit better. Now go shut off the location in your camera app if you need to. 

Jerry Hildenbrand
Senior Editor — Google Ecosystem

Jerry is an amateur woodworker and struggling shade tree mechanic. There's nothing he can't take apart, but many things he can't reassemble. You'll find him writing and speaking his loud opinion on Android Central and occasionally on Threads.