Google confirms Android 11 will limit third-party camera apps because of location spying fears

Google is making a change in Android 11 that will force apps that want to take photos or video to use the phone’s built-in camera app — even if you’ve made a different camera app, like OpenCamera, your default choice for photos.

“[W]e believe it’s the right trade-off to protect the privacy and security of our users,” the Android engineering team wrote on August 17th, adding that apps that call on the camera would need to explicitly name each and every third-party camera app they’d like to support. Now, Google’s giving us the reason: it’s to keep bad actors from potentially harvesting your location.

It’s not a drastic change; many camera features will still work exactly the way they used to. It also mirrors the way the camera works on the iPhone. Only this year did Apple allow alternative third-party app defaults — if only for email and browser apps.

And yet, two of the most popular third-party camera app developers tell The Verge that Google’s move seems like a shame. One is worried it might impact his business by further turning third-party camera apps into second-class citizens.

To understand what’s changing, it would probably help if I first explain what’s staying the same:

  • You’ll still be able to open a third-party camera app and use it directly by tapping its icon on your home screen
  • You’ll still be able to take pictures with the cameras built into popular apps like Snapchat, TikTok, and Instagram
  • You’ll still be able to double-tap your power button (or similar shortcuts) to launch the camera app of your choice, Google confirms
  • Apps will still be able to launch the camera app of your choice, too; they just can’t import any photos or videos that way

The only thing that’s changing: if Android apps want to use your camera app — instead of baking in a camera app of their own — they will now go straight to your phone’s built-in camera app instead of letting you choose.

That’s an important distinction because it means those apps can’t phone home with your location. Google has updated its guidance to developers to explain what this is really all about: the company is worried about apps that might ask for photos so they can quietly track your location. When you take a photo, it’s sometimes geotagged with the GPS coordinates where you took that picture, and a non-camera app could steal that by piggybacking on a camera app, even if you’d never granted the original app that location permission.

It’s a thing: Shutterfly was accused of harvesting GPS coordinates from EXIF metadata back in 2019, and other apps have tried different tactics to get around Android’s permissions system.

Originally, the new behavior surprised Android programming book author Mark Murphy so much that he submitted it as a bug, only for Android engineers to confirm that it was “intended behavior.”

And ahead of Google’s fuller explanation, I asked some of the biggest third-party app developers how they felt about the move. As the developer of the 10M+ download Camera FV-5 reminded me, it’s just the latest struggle third-party camera app devs are facing right now, as OEMs like Samsung rarely allow alternative apps to access your flashy new phone’s full complement of lenses or the fancier features they’ve built.

The move “definitely will impact our app, and all third party apps, as it will reduce its visibility and add unnecessary friction for the user that wants to use a third party app like ours,” said Camera FV-5 developer Flavio Gonzalez. He added that Google’s workaround “does not make any sense,” as it’s unlikely most app developers will care enough to specifically build in support for a wide range of third-party camera apps like his.

On the other hand, Footej Camera co-founder Stratos Karafotis doesn’t think the restriction is a big deal. While he agreed the Google workaround “doesn’t make sense,” he said users “can still use their favorite camera app” and expects they’ll get used to the change.

Meanwhile, OpenCamera founder Mark Harman, another developer with 10M+ downloads, mostly just hoped users will pick their camera app of choice directly from the Android home screen instead of relying on another app’s intent. “[T]his unfortunately does limit third party camera apps, and means they can’t fully replace the built-in camera app,” he admitted, saying that “it seems a shame in my opinion to take away people’s choice here.” But he didn’t seem worried earlier this week.

I’m a little bit curious about whether Google needed to go this far, though. Why not crack down on bad camera apps that share EXIF metadata instead of distrusting them all by default? Or craft an API that strips EXIF data, perhaps? Why should Samsung, Google, and theoretically Huawei and Xiaomi’s camera apps be trusted any more than the little guys on the Play Store? It made me wonder whether there are any other security or competitive risks Google might be hedging against, but the company tells me this move is specifically about protecting EXIF location metadata from abuse.

On the plus side, Google does have another initiative designed to bring desirable features like Night Mode to more camera apps in the future, with OEMs like Samsung, LG, Oppo, Xiaomi, and Motorola at least partially on board. It’s called CameraX, and perhaps it’ll actually make third-party apps feel more like first-party ones in the future. We’ll have to see if Android phone makers are willing to loan their most interesting camera capabilities out.

Read More

LEAVE A REPLY

Please enter your comment!
Please enter your name here