This might seem reasonable to some point considering the message apps are among the pioneers of free media file sharing. So it wouldn’t be too much of a stretch to consider the possibility of hackers taking this advantage to benefit themselves. On Android, apps have the option of saving media files like images and audio either through the app’s own internal storage or through external storage that belongs to the phone that can also be accessed by other apps.
A service like WhatsApp, for example, stores media files through the phone’s storage (external) while Telegram restricts itself until the “Save To Gallery” feature is enabled by the user.
With this being the case, the research has found out that the malicious apps that also have access to the external storage contain malware that can be used to access the media files sent through the messaging apps, at times even before the receiver has seen them.
This then gives the hacker an opportunity to alter the file say an image without the user ever noticing. In the same way, although theoretically, the attacker also has the chance of manipulating outgoing messages as well. The attack that has been dubbed “Media File Jacking” may be a recognised problem that’s torn between privacy and accessibility for Android messaging apps.
The external storage setting used by most apps that are more compatible with others gives them access to media files allowing data to move more freely, a factor that comes with a price as pointed by researchers last year.
Despite request to comment on this issue, the team at Telegram has kept mum about it but WhatsApp, through a spokesperson, said that limiting the app’s storage system to just internal could restrict the service’s ability of sharing media files and even bring up new privacy issues, adding on a lot to Zuckerberg’s already full plate.
“WhatsApp follows current best practices provided by operating systems for media storage and looks forward to providing updates in line with Android’s ongoing development.” said the spokesperson in a statement. We would love to see this potentially troublesome issue contained considering the huge numbers of users that these two apps are responsible for.
And as the researchers clearly state, users tend to lean their trust on encrypted apps that “protect the integrity of both the identity of the sender and the message content itself.” But they still went on to acknowledge that no code is immune to security vulnerabilities.
Featured Image Courtesy: Google