Whenever you download a camera or photo editing app, usually it asks for permission to access your photos and camera. This makes sense and for the most part most of us wouldn’t think twice about it. Unfortunately it appears that there have been some camera apps that have been abusing these permissions and are stealing photos of users.
This is according to a report from security firm Trend Micro (via Android Police) who discovered that there were about 29 malicious apps on the Google Play Store that masqueraded themselves as beauty camera apps, only to phishing users and steal their photos. These apps have been downloaded millions of times and it was only until recently that they were finally removed by Google.
How these apps have been stealing photos is that when users upload an app in order to apply the filter, the app would then upload the image to a private server which would then return an error message to the user to tell them to update the app, but by then it would be too late as the photo would have been sent to someone else already.
Some apps even forwarded users to phishing websites to steal their information, and would also load full screen advertisements, some of which had pornographic content. To make it worse, these apps were also being given 5 star fake reviews in order to make it seem more legit.