Just how well do Android privacy apps hide your sexy photos and secret texts?

Filed Under: Android, Featured, Privacy

Android appsDo you have photographs on your smartphone that you don't want others to see? If an app publisher tells you that they will keep your secrets safe would you trust them?

The best advice when it comes to privacy and photos is "don't take a photo that you don't want your teacher/boss/mum/dad to see".

But as this advice is not always heeded, the next best thing is to keep them safe from prying eyes should anyone borrow, steal or find your phone.

Encouraged by a recent article on the shortcomings of the Snapchat safe sexting app, I tried a few apps that promise to protect your privacy, but often fail to do anything of the kind. These examples are all based on tests I conducted on an Android smartphone, but many of the apps are also available for iPhone.

Secret Pictures

Secret Pictures

First I tested Secret Pictures which describes itself thus:

"Prevent your pictures from letting others know! ... Pictures vanish from Gallery and are locked behind easy-to-use PIN pad. Protect your private pictures ... Secret Pictures locks your private pictures with your PIN. Only you can see the pictures in Secret Pictures."

It sounds very much like your pictures are protected, hidden from view, secured, etc.

But all it really does is move photos to a poorly hidden directory from where the photos can be viewed and shared. All it takes is a file browser and your privacy is ruined!

Photo Safe

Photo Safe

Next is Photo Safe which markets itself with the slogan

"Protect Your Privacy! ... No one touches your private data without permission!"

Again, the app gives a definite impression that your hidden photos are safe from prying eyes, and again the app moves your photos out of the gallery - but this time the directory is not even hidden.

Instead the PhotoSafe app renames the file you want to hide in a weak attempt to disguise it, putting some extra characters after the file extension.

This photo is not hidden, protected or secured

You can either rename the file or instruct the phone that the file is an image, and once again it is viewable and shareable just like any normal photo.

KeepSafe Vault

KeepSafe Vault

Next in my list was KeepSafe Vault. This app describes itself as the

"Best hide pictures & video app on Android ... Selected pictures vanish from your photo gallery, and stay locked behind an easy-to-use PIN pad. With KeepSafe, only you can see your hidden pictures. Privacy made easy!"

I started to see a recurring theme in the promises that these apps make.

This one has similar failings as the first two apps, using a weakly hidden directory and renaming the images, again easily overcome with nothing more than a file browser.

Hide Pictures & Text Messages

Hide Pictures and Text messages

It's not all doom and gloom though. There are some apps for hiding the pictures and text messages on your Android which live up to their promises although they all seem to come with some trade-off. You really don't get something for nothing when it comes to apps.

Take, for instance, Hide Pictures & Text Messages:

" lets you hide or encrypt almost anything on your phone including photos, videos, contacts, text messages, and other apps."

For once, when they say they encrypt the content they actually mean it. You can still browse to the directory where files are stored but any feasible attempt to open them outside of the app results in a "Load failed!" error message.

The app lets you hide its own icon too so people won't even know that you have an app for hiding stuff.

All this functionality does come at a price though.

After an initial number of free uses you have to pay in order to be able to encrypt or hide further files.

Due to the extra functionality you will also need to hand over a lot of access permissions to your phone and given that you're looking for extra security and privacy, this may be something that you have reservations about.

Private Gallery

Private Gallery

Another promising looking app is Private Gallery which also seems to encrypt your photos meaning they can not easily be viewed outside of the app.

This app is free but it's supported by adverts from an ad network that compromises on security by transmitting the location and identification data from your phone in the clear.

The app also requires some permissions which seem unnecessary given its purpose (for instance, the ability to dial numbers and view/edit your browser history).

Again, if you're in the market for added security and privacy then these concessions may concern you.

Vaulty

Vaulty

The last app I tried was Vaulty which also seems to live up to its promises.

Vaulty looks a little more considerate in that it asks for a more acceptable list of permissions. It also offers a decent balance of functionality in the free version with optional extras in paid-for plugins. If I had a need for a photo/text message privacy app I'd probably go for this one as it seems to ask for the least in return for the most.

Looking into the history of Vaulty highlighted a different problem though.

An automatic update from the developer borked the app for many users, rendering their encrypted files inaccessible. The fault was corrected in a rushed patch but it still demonstrates that should this happen again your protected photos and files might not always be recoverable.

Of course, this risk applies equally to any app which encrypts your data.

In summary, not all apps are created equal and two apps that appear to offer the same service might in fact give very different levels of functionality.

Android tabletSooner or later I expect we'll see an app developer being held accountable for leaked secrets. After all, they promised the unsuspecting user that they would protect those secrets.

It would be better if the descriptions of these Android apps properly reflected what each app does and does not do. At least then users can make an informed choice about how much they wish to trust the app, and whether it is sufficient for the intended purpose.

And, of course, my advice echos those who have gone before me - there is really no situation where you absolutely have to store on your phone naked photographs of yourself.

If you have a photograph or sensitive information that you don't want others to see then try to avoid putting it on a device that others are likely to use.

If you're still determined to go ahead then avoid having anything identifiable in the frame, both of yourself and in the background of the picture.

That way you can at least pretend that it's not you in the photograph when it falls into the wrong hands.


, , ,

You might like

12 Responses to Just how well do Android privacy apps hide your sexy photos and secret texts?

  1. Matt · 527 days ago

    Just spitballing here, and it would likely take a rooted device, but wouldn't the easiest approach be something like this:

    1. Give the app a unique permission group of its own
    2. Create a directory with permissions restricted to only that group
    3. Have the app move files into that folder and turn the app into the app that displays those files. Put a PIN on launch.

    Resetting permission or adding another app to the permission group should take root access anyway, so it should be relatively safe. If you're so worried about files on your phone that you feel encryption is needed, either:

    1. Use Android 4.1+, which supports encryption without relying on a developer who may or may not know anything about implementing it.
    2. Use a BlackBerry, which offers the same feature.
    3. Stop storing sensitive files on a device that wasn't meant to store sensitive files
    4. Get used to the idea of your sensitive files getting read

    • Hi Matt, Thanks for your comments. Unfortunately full device encryption depends on having a pin/password lock on the device which many people still don't use. It also doesn't account for someone using your phone with your permission.

      You've hit the nail on the head in that many IT devices and services are used for purposes they were never intended for, but it's inevitable that people will do what they can, not what they should.

  2. Darrien · 527 days ago

    What about St@sh for the iPhone? Have you had a look at it.

    • Hi Darren, Sorry but I've not tested any iPhone apps yet. If you'd like to send me an iPhone 5 I'd be happy to take a look and get back to you...

  3. Joey · 527 days ago

    Some Nokia's are quite good at protecting sensitive data. My E71 can encrypt the data on the phone and the memory card, with a user selectable encryption key, I assume it encrypts the messages too. It also allows me to password lock my memory card so it won't even show up as a removable drive if some one nicks the phone and takes out the memory card. My older Nokia C3 also allows password locking memory cards, but doesn't encrypt the data. Either way it still protects against people seeing the data should I lose the phone and they try to get the memory card out and see what I've got on it.

  4. Skinnelli · 526 days ago

    On the Galaxy S3, you can use the built in functionality to encrypt the whole device and/or external media card; just go to Settings > Security > Encryption. You may need to set an unlock password to the device first though, go to Settings > Lock Screen and choose Secured with Password.

    • Hi Skinnelli, thanks for your comment.
      Many people still don't use a device lock and when they're offered a tool that means they only need to enter a PIN for their secrets then they are even less likely to lock the handset as they mistakenly trust that their secrets are protected.

      Ideally I'd like to see full device encryption and device lock enabled by default, or that people stop putting sensitive material on insecure devices. Ideally I'd also like to win the lottery but we have to make the best what we've got :)

      • hound · 368 days ago

        Hour secure is using box crypt on drop box for securing files?

  5. Gryffydd · 324 days ago

    For Vaulty, just open the files in a text editor, delete the text "obscured" from the beginning of the file and then change the extension based on what's clearly visible in the text editor.

    For example, a JPG will look like this:
    obscuredÿØÿà

    ÿØÿà is the standard JPG file header. I wouldn't call this very secure...

  6. Xineiter · 178 days ago

    Vaulty don't encrypt files. It's just removes file information. Software like VLC has no problems decoding video files.

  7. @whattouse · 169 days ago

    Have you come across a reliable (or any) privacy app that stores the encrypted items in the external SD instead of hogging up the memory of the phone itself? And since its gonna be on an External Drive it really needs to be encrypted and not just renamed and "hidden" in a dodgy folder.

  8. KayG · 87 days ago

    For the record the rename the file trick doesn't allow you to view the photo in Keepsafe tried it and you cannot view the photo

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Gary Hawkins is a UK based information security analyst in the financial sector with a background in infrastructure architecture. You can follow him on Twitter or read more articles on his blog which endeavours to make IT security and privacy accessible to the non-IT public.