![[Securiday 2018] End User Protection](https://digitalys-mag.net/wp-content/uploads/2018/04/securiday18_conf.jpg)
![Détective Conan : les épisodes de l’histoire principale triées [part 1]](https://digitalys-mag.net/wp-content/uploads/2016/08/Meitantei.Conan_.full_.1913572.jpg)
![[Warning] Une faille critique dans tous les jeux Blizzard permettra aux Hackers de détourner des millions de PC](https://digitalys-mag.net/wp-content/uploads/2018/01/X1NH71Z11PTZ1508884994858.jpg)
Cybersecurity experts from Checkmarx discovered multiple vulnerabilities in the Camera apps affecting millions, if not hundreds of millions, of Android devices that could allow other apps to record video, take pictures, and extract GPS data from media without having the required permissions.
Overview
The vulnerabilities are collectively tracked as CVE-2019-2234.
After analyzing the Google Pixel’s Camera app, Checkmarx researchers discovered numerous intents that could be combined to manipulate the device’s camera in order to take pictures and record video through a rogue application that has no permissions to do so.
In other words, the apps that have the ‘Storage’ permission, which gives the app access to the device’s entire SD card and the media stored on it, also gives an app the ability to use the Camera app’s exposed intents without the permissions android.permission.CAMERA, android.permission.RECORD_AUDIO, android.permission.ACCESS_FINE_LOCATION, and android.permission.ACCESS_COARSE_LOCATION .
