If you didn’t already know, you should always make sure that you download smartphone/tablet apps from verified and trusted sources, such as official app stores, for example. This isn’t to say that apps stores are infallible, it’s just that for the most part, they do weed out the majority of fake apps that might contain malware.
It should also be noted that when you download apps, you might want to check on what sort of permissions it is asking from you, because certain apps that ask for deeper permission that it should does seem a bit suspect. That being said, one developer has found a loophole in the Android operating system that would allow it to snap photos of the user without them knowing.
This loophole was discovered by a security researcher, Szymon Sidor, who discovered that by exploiting this loophole, he could get an app to snap photos of its user without an indication that a photo was snapped. Typically this requires the viewfinder to be brought up, to let the user known that the camera is active, but by exploiting the loophole, Sidor made it so that the viewfinder was just a single pixel wide, meaning that unless you were looking with a microscope, you’d never know the camera was activated.
According to Sidor, “The result was amazing and scary at the same time – the pixel is virtually impossible to spot on Nexus 5 screen (even when you know where to look)! Also it turned out that even if you turn the screen completely off, you can still take photos, as long as the pixel is still there.” Sidor has since uploaded a video demonstrating the exploit, and has also notified Google about the flaw.
Hopefully this is something Google will take extremely seriously and patch it in a future update. In the meantime, once again we’d like to remind you guys to always be wary of where you download your apps from, lest your phone starts taking photos of you without your knowledge and uploading them to a private remote server.