Checkmarx first contacted the Android security team at Google of its discovery July 4 and Google on July 13 set the severity of the vulnerability to "moderate". Its own app needed to request only a single permission from the user granting it access to the device's storage, something which most Android users would likely grant without a second's thought.

With just those two companies, however, this flaw had the ability to affect hundreds of millions of smartphone owners around the world.

Multiple vulnerabilities affecting Google and Samsung smartphones could allow hackers to remotely spy on users through their phone's camera and speakers, according to the security research team at Checkmarx.

Apparently, this includes recording videos & call audios, capturing photos and extracting Global Positioning System data from the phone's media data unauthorizedly while uploading it to a C&C server. The vulnerability has to do with giving permissions to external storage, which provides an app with access to the entire SD card. Instead, the path to spying involves a malicious app requesting and then being granted access to an SD card, a common request for many apps.

Since photos and videos are considered to be sensitive information, Google enforces a permission system that prevents third-party applications from accessing the camera app and its data without a user's explicit consent (referred to as intents).

What exactly is this Google Camera Bug on Android Phone about? They have further asserted that the vulnerability was triggered to victimize Google pixel, and Samsung manufactured smartphones primarily.

Consequently, such technological holes could expose the user and the phone security to the invasion of privacy, such as keeping the user in the dark while taking their photos and videos and even tracking their location.

"The larger concern is that you have a device that can be used to monitor you, take photos of where your are".

The software security firm replicates the Android phone bug in a video demonstration.

Google said that "We appreciate Checkmarx bringing this to our attention and working with Google and Android partners to coordinate disclosure". One acts as the malicious app that you might unknowingly download from the Google Play Store. Checkmarx speculates that the weakness may be the result of Google making the camera work with the voice-activated Google Assistant and other manufacturers following suit. The camera activity, com.google.android.GoogleCamera/com.android.camera.CameraActivity, was also an exported activity, meaning that other apps could call for it. They've since been fixed but you'll need to make sure you are running the latest app updates to mitigate your vulnerability.