Acording to Hong Kong's Privacy comissioner and iTNews, Android applications running on version 4.3 or older have the ability to access your personal photos, files and sensitive data without any notification.
Yesterday there was a report published by the Hong Kong Office of the Privacy Commissioner for Personal Data (PCPD), explaining the findings of this information and their tests on the authenticity of the Android app model.
The report states that their "tests have revealed that it is possible to develop an app that can read the memory of Android devices, including photos, files, and any data other apps choose to store in the devices, without the need to inform app users on the permission page," further mentioning that they had informed Google of this issue back in August 2014, formally requesting that the large-name company to correct this hole.
Google fixed this issue in their Android 4.4 update and saw it eradicated for all versions from there-on, however the old flaw still exists.
"I expect technology giants such as Google to live up to this privacy promise," states Hong Kong primacy commissioner Allan Chiang, further commenting that "it is imperative for them [Google] to practice privacy by design by embedding privacy by default into the design and architecture of IT systems, not bolted on as an add-on, after the fact."
Google's current answer is for users to update their devices to the latest Android offerings, with a spokesperson stating "one of the improvements we made in Android 4.4 was to provide enhanced notification about access by applications to data on shared storage. We encourage users to update to a newer version of Android to benefit from this and other improvements."