There is no such thing as perfect security. So it should come as no surprise that even devices as great as Google’s Pixel and Pixel XL smartphones have one or two flaws. What may be a little bit shocking is that the two Google flagship smartphones had a huge security issue with the camera. The issue was one that was not readily discoverable by end-users of the devices. That said, it may be something of a comfort to note that Google has already fixed the problem, which was marked by Google developers as bug 33700679 in the change commit for the fix.
Bug 33700679 was a problem in the camera of the flagship devices. More specifically, the front facing camera sensor was at the heart of this particular problem. The HTC-built front facing camera was given the property htc.camera.sensor.front_SN. In that property designation, the “SN” stands for “serial number” and that serial number is unique between individual devices. The significance of the flaw is revealed in the fact that third party apps had access to that serial number property. Since the cameras are linked to other sensitive information and are used by so many third-party apps, the flaw effectively gave an open door to any entity or person wanting to use the flaw to track individual devices.
Developers at Google submitted a fix for bug number 33700679 on the Dec. 29. To implement the fix, the developers committed a change which restricts access to the serial number property. Thankfully, the camera should still function properly, as the main shooter is still touted as one of the best cameras ever put into a smartphone. Notes associated with testing of the fix show that the serial number is still accessible via ADB, and to other root domains. This seems to suggest that there is some genuine purpose behind camera having such differing serial numbers at the system level, but that suggestion has not be confirmed. However, cybersecurity is a big deal and has been in the news a lot recently – and both HTC and Google tend to take cybersecurity very seriously. Hopefully, the two tech companies have learned from the discovery of this flaw so that similar flaws will not be likely to appear again in future devices from either Google or HTC.