Google engineers have addressed a serious user privacy bug that affected only versions of the Android operating system installed on the company’s latest line of Pixel smartphones.
According to Google Senior Software Engineer Alex Klyubin, the serial number for each Pixel camera sensor was saved inside “htc.camera.sensor.front_SN,” a file that stores other system properties.
The problem here, according to Klyubin, is that this serial number is unique per camera sensor, meaning per Pixel smartphone, and could thus facilitate user tracking.
In real life cases, mobile advertisers and app makers could use this number to distinguish between different users with a very high degree of accuracy.
Google patched issue on December 29
The patch Klyubin pushed restricts access to the camera sensor serial number. The only processes allowed to read this value are “cameraserver,” “dumpstate,” and SELinux shell commands.
What this means is that the Android OS will be able to read the serial number, users and support staff using ADB (Android Debug Bridge), but not applications installed on the user’s phone.
This update has been pushed to the Android Marlin branch, the behind-the-scenes name given to the Android (Nougat) version installed on Google Pixel and Pixel XL phones.
Google launched the Pixel smartphones on October 4, 2016, during this year’s #MadeByGoogle event. The Pixel smartphones are part of Google’s Pixel line that also includes the Pixel C tablet and the Chromebook Pixel laptops.
Working as a cyber security solutions architect, Alisa focuses on bug bounty and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.