Hackers could track you using Google Photos

Hackers could have tracked you using a now-patched bug in the web version of Google Photos, according to researchers at security firm Imperva.

Imperva’s Ron Masas revealed the news in a blog post on Wednesday. The bug stemmed from the service’s search functionality and has reportedly since been fixed by Google. But while it was open, he found it could be used to “approximate” the time and place photos were taken.

“In my proof of concept, I used the HTML link tag to create multiple cross-origin requests to the Google Photos search endpoint. Using JavaScript, I then measured the amount of time it took for the onload event to trigger. I used this information to calculate the baseline time,” he explained.

“Next, I timed the following query ‘photos of me from Iceland’ and compared the result to the baseline. If the search time took longer than the baseline, I could assume the query returned results and thus infer that the current user visited Iceland.”

It’s unclear whether the vulnerability was actively targeted by hackers, so the damage could be very limited. According to Masas, to exploit users, criminals would need to trick them into visiting a malicious web page while logged into Google Photos.

“This can be done by sending a victim a direct message on a popular messaging service or email, or by embedding malicious Javascript inside a web ad,” he explained.

“The JavaScript code will silently generate requests to the Google Photos search endpoint, extracting Boolean answers to any query the attacker wants.”
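
A server-side defence against the cross-origin requests described above, as an added example (it is not from Imperva's post, and the article does not say how Google fixed the bug): a Fetch Metadata check that refuses cross-site subresource requests before a per-user search runs. The function names, the header-object shape and the sample requests are constructed for illustration.

```javascript
// Added example: Fetch Metadata check placed in front of a per-user search endpoint.
// Assumption: `headers` is a plain object with lower-cased header names.
const TRUSTED_SITES = new Set(["same-origin", "same-site", "none"]);

function allowRequest(method, headers) {
  const site = headers["sec-fetch-site"];
  // Browsers without Fetch Metadata send nothing; let other defences decide.
  if (site === undefined) return true;
  // The app's own pages, or a direct user action (address bar, bookmark).
  if (TRUSTED_SITES.has(site)) return true;
  // Cross-site: permit only a top-level GET navigation, e.g. a followed link.
  // Subresource loads (<link>, <img>, <script>, fetch) and frames are refused.
  return (
    method === "GET" &&
    headers["sec-fetch-mode"] === "navigate" &&
    headers["sec-fetch-dest"] === "document"
  );
}

// Constructed sample requests, not captured traffic.
const SAMPLES = [
  { name: "own-page-xhr", method: "GET",
    headers: { "sec-fetch-site": "same-origin", "sec-fetch-mode": "cors", "sec-fetch-dest": "empty" } },
  { name: "third-party-link-tag", method: "GET",
    headers: { "sec-fetch-site": "cross-site", "sec-fetch-mode": "no-cors", "sec-fetch-dest": "style" } },
  { name: "third-party-iframe", method: "GET",
    headers: { "sec-fetch-site": "cross-site", "sec-fetch-mode": "navigate", "sec-fetch-dest": "iframe" } },
  { name: "followed-link", method: "GET",
    headers: { "sec-fetch-site": "cross-site", "sec-fetch-mode": "navigate", "sec-fetch-dest": "document" } },
  { name: "legacy-browser", method: "GET", headers: {} },
];

// Returns a map of sample name -> "allow" | "reject".
function evaluateSamples() {
  const verdicts = {};
  for (const s of SAMPLES) {
    verdicts[s.name] = allowRequest(s.method, s.headers) ? "allow" : "reject";
  }
  return verdicts;
}

console.log(evaluateSamples());
```

A rejected request should get an error response before any search work is done, so its response time carries no information about the user's data.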

The news follows reports that two thirds of Android antivirus apps are “pure snake oil”. The news broke when Austrian antivirus testers AV-Comparatives examined the effectiveness of 250 Android antivirus apps.
