
[SECURITY ISSUE / BUG] EXIF thumbnail not changed when cropping or editing image, leaking info

Open • JonasDoesThings opened this issue 2 years ago • 0 comments

Steps to reproduce:

  1. Open image in Simple Gallery App
  2. Press Edit button
  3. Crop or Edit Image
  4. Save edited image
  5. Open EXIF thumbnail of the new image file (e.g. with exiftool -b -ThumbnailImage IMG_20230418_161735_1.jpg > foo.jpg)

In apps like Discord that use - if available - the EXIF thumbnail in their little file picker widget, you can still see the old unedited image before sending.

Expected Behavior:

  • The EXIF thumbnail of the edited image should match the edited image or at least be scrubbed from the file when editing, so it doesn't leak information.

Current behavior:

  • The EXIF thumbnail matches the original, unedited image, thus leaking sensitive and private information.
  • If you, for example, edit out personal information, order numbers, tracking numbers, etc., this can all be extracted through the EXIF thumbnail. Luckily, apps like Discord scrub the EXIF data when sending images, but others don't. This is a serious issue.

Device: OnePlus 8T (Android 13)
App Version: Simple Gallery Pro 6.26.8 from Google Play Store

JonasDoesThings, May 09 '23 17:05