How to avoid the dreaded Video4Linux flaw in Android

With Google dragging its feet on the fix for Video4Linux, you might consider revoking camera permissions for certain apps.

How to avoid the dreaded Video4Linux flaw in Android With Google dragging its feet on the fix for Video4Linux, you might consider revoking camera permissions for certain apps.

You might not know this, but Android has suffered from a pretty nasty flaw that was found in all versions of the platform. The vulnerability, discovered back in March 2019, affects the Video4Linux drivers and software used for video capture. This flaw could allow local attackers to gain full system control over your device. 

Don't panic. This vulnerability does not allow for remote attack. A malicious actor would have to either have possession of your phone or have you download a malicious app from either the Google Play Store or a third-party source. Even so, the vulnerability is there and, should you fall victim to it, very bad things could happen.

SEE: VPN usage policy (TechRepublic Premium)

What can you do?

Until Google patches this flaw, there is something you can do to protect yourself: Use caution over what apps have access to your device video camera. When you install and run an application for the first time, if that app requires permission to access your device camera, you must allow it. However, this setting is not irrevocable. In other words, you can deny an app permission to use the camera after the fact. And that is exactly what we're going to do.

How to revoke camera privileges in Android

How you do this will depend upon the version of Android you use. I will be demonstrating on Android 10 (as that is the latest version of the platform). Regardless of Android version, what you are looking for is the Permission Manager. If your version of Android has a search function in the Settings app, search for Permissions and you should find the setting location.

In Android 10, go to Settings | Apps & Notifications | Advanced | Permission Manager. In the resulting window (Figure A), locate and tap Camera.

Figure A

cameraflawa.jpg

The Android 10 Permission manager.

In the Camera permissions window (Figure B), you should see a listing of all apps that have been granted permission to access the camera. 

Figure B

cameraflawb.jpg

The Camera permissions window.

Scroll through that list. If you see an app you don't believe needs (or should have) access to the camera, tap it. In the resulting window (Figure C), tap Deny to revoke camera permissions from the app in question.

Figure C

cameraflawc.jpg

Does Discogs really need to use the camera?

And that's all there is to revoking camera permission from an app. Make sure to go through the full listing of apps that have permission and revoke any you believe shouldn't have access. Do use caution to make sure and strip only those apps you are certain you do not want to have access to the device camera. If there's doubt, do not revoke camera access for an app.

Also see

androidsecure-hero.jpg

Image: Jack Wallen