A bug in Windows 10 Mobile leaves your photos exposed

A bug has been discovered in Windows 10 Mobile, which leaves your photos exposed to anyone that picks up your phone. The severity of this obviously depends on what kind of photos you have, but it's definitely something to be aware of.

In fact, it's so easy to take a peek at someone's library that you can test this out for yourself with the following steps:

  1. Snap a photo while the device is locked.
  2. Tap the thumbnail of the image that you just took.
  3. Delete it.
  4. Press back to return to the Windows Camera app.
  5. Tap the thumbnail again, which is still the photo that you just took despite deleting it.
  6. You'll see a black screen; press back to go back to Windows Camera again.
  7. Now, the thumbnail will be an image from your library. Tap it and you can easily scroll through your photos without ever unlocking the phone.

The good news is that it would appear that this bug is already being fixed. We tested a number of phones for this, and the method didn't work on on any Windows phones that are in the Slow or Fast rings of the Insider Program, so it seems safe to say that this won't be an issue with the Creators Update.

Unfortunately, it works on both the Production ring, as well as the current Release Preview build, which is 14393.726. Luckily, the bug was reported in the Feedback Hub, and it's marked with 'We've got it'.

Source: Windows Team via MSPU

Report a problem with article
google_maps_data_update
Next Article

Google Maps update for iOS and Android lets you “save and share your favourite places”

1484670550_nokia-smartphone
Previous Article

HMD Global reportedly to announce three new Nokia handsets at Mobile World Congress

27 Comments - Add comment

Comments are closed

The comments on this article have been closed by our moderators. Further discussion about this article can be done so on our forums.

Visit our forums »

This from the mostest secure OS in the universe default_hmm.gif


Cute, but do you really want to compared this bug, to just THIS WEEK'S list of stuff from Android, or the past three weeks from iOS?

The crazy reality that seems to get dismissed...

In terms of security, even going back to Windows 7 (Desktop), it has remained the most secure mass consumer OS, besting OS X, iOS, Android, Linux, FreeBSD and gasp OpenBSD. (Meaning fewer flaws, fewer exploits, fewer entry points, etc.)

I know it seems counterintuitive as there are a lot of users that get baited into installing malware or systems that get infected from 3rd party software, but that doesn't mean the OS itself is the bug/security problem of the XP era. (Ironically, installing Chrome or iTunes raises the entry points and susceptibility to malware considerably.)

Besides, if you enable the use of your Camera while the screen is locked, you probably don't have a huge concern for security; as with many user that leave their devices unlocked as they are always in their possession.

This seems to be more common with Windows Phone, as it ALWAYS had the feature to remotely lock/disable the phone baked into the OS, so even a lost phone can be secured from any web browser in a couple of minutes. (Something that appeared long before iOS or Android offered similar features/services.)

i don't even ck my phone. It is pointless to me and too much time to unlock all the time. Besides who would mess with my Windows phone?

are you betting people will just go "yuck, that's a windows phone" and throw it away ? /jk

Do you lock your wallet? No, so why would you lock your phone? I treat my phone the same way I treat my wallet so there is pretty much zero chance of it's physical security being compromised. Even if it were, I don't use it for financial transactions so my phone is, ultimately, the same as that safe full of crap satukoro postulated.

That said, most people wouldn't even know what it was. The vast majority of people aren't even aware you can get Windows on a phone. There may have been a time when people may have been aware of Windows Mobile but most people assumed it died several years ago. So they'd look at a Windows phone and not know what it was.

Do you lock your wallet? No, so why would you lock your phone? I treat my phone the same way I treat my wallet so there is pretty much zero chance of it's physical security being compromised.

A very good point.

I also treat my phone and wallet in pretty much the same way (except when I get home or at the office I tend to put my phone on a table with a power cord, and my wallet stays in my pants even when I take them off).

But, I don't keep that much cash money in my wallet, and I'd be more embarrassed at people seeing some of my drunk pics or accessing my email accounts than loosing 20 $... That said this last argument is easily invalidated by the fact that I also keep my credit card somewhere else in my pants, and that you can pretty much use with just a picture of both sides and annoy me a lot more... Okay so I guess you win this time motor mouth.

A very good point.

I also treat my phone and wallet in pretty much the same way (except when I get home or at the office I tend to put my phone on a table with a power cord, and my wallet stays in my pants even when I take them off).

But, I don't keep that much cash money in my wallet, and I'd be more embarrassed at people seeing some of my drunk pics or accessing my email accounts than loosing 20 $... That said this last argument is easily invalidated by the fact that I also keep my credit card somewhere else in my pants, and that you can pretty much use with just a picture of both sides and annoy me a lot more... Okay so I guess you win this time motor mouth.

The first thing I do when I get home is empty the contents of my pockets onto the nav table - the phone on it's charging plate and the wallet where it lives with my key (I only carry my car key, I never lock the boat I live on), thumb-drive and change piled on top of it.

I do all my real world transactions in cash so I always have a few hundred bucks in my wallet. My credit card literally lives in my wallet because I only ever use it for online transactions and I know all the numbers off by heart, so I never have to take it out. I don't take photos with people in them so I couldn't care less who got to see them and there is never anything of any interest whatsoever on my email, unless youa re into the same sort of music I am, which is highly unlikely.

I, for one, I'm worried my friends might take my phone and look at all my crude drawings of naked men pictures.

My phone halts and reboots...since the last update I cannot take pictures anymore without unlocking the phone. When I press the cam button in locked mode, i get the buzz indicating that the camera app is started, but still i have to unlock the phone by pressing the unlock button before i can actually see the cam app. If i do not do this the screen stays black.

This on a 950XL

My phone halts and reboots...since the last update I cannot take pictures anymore without unlocking the phone. When I press the cam button in locked mode, i get the buzz indicating that the camera app is started, but still i have to unlock the phone by pressing the unlock button before i can actually see the cam app. If i do not do this the screen stays black.

This on a 950XL

What build are you running?

My phone halts and reboots...since the last update I cannot take pictures anymore without unlocking the phone. When I press the cam button in locked mode, i get the buzz indicating that the camera app is started, but still i have to unlock the phone by pressing the unlock button before i can actually see the cam app. If i do not do this the screen stays black.

This on a 950XL

My 950 used to be like that but I discovered a few weeks ago that it now works as it should and it's worked as it should since then. It must have been in a recent update to the camera app.

I've done this by accident several times and always thought it probably shouldn't happen.

###### Windows Phone, tbh.

Turn off 'Allow Camera when Locked'... If you care about security, this should be the first thing you turn off.

This is especially true if you have OneDrive Sync enabled, as anyone playing with your phone or even accidentally could record several hours of HD video and have it eat your data plan.

Doubt this is much of an impact at all given then 80%+ of users are on WP8.1 and not W10M!

More fool them. I resisted for the longest time but since I got my 950, late last year, I have come to appreciate just how much better W10 Mobile is. I could never go back to WP8.x, it woudl be like losing a limb.

More of an exploit than a bug.

Still kinda miss the WP10 UI, but very happy with my new Pixel and not looking back.

This is why you shouldn't using different codebases and more importantly legacy codebases scapedgoat in a just modern UI fresh coat of paint


Um, I don't even know what to say, but this shows a complete lack of understanding of NT and Windows in general.

Of all the current consumer OSes, Windows is still the newest model, has a consistent code base even on WM, and uses more modern OS/kernel concepts than OS X, Linux, FreeBSD, Android or iOS.

When NT was designed, it was based on some in use OS model designs and several that were still theoretical 26 years ago. These concepts and models have proven to be far more extensible and provide deeper utility when dealing with new hardware and software concepts.

The irony is that OS X, Linux, FreeBSD still use kernel concepts and models from the 1980s, with a general OS model that literally goes back to the 1970s with the core foundation in the late 1960s.

UNIX is a very simplistic and old model and its base ideas are what the NT developers purposely avoided to not have Windows NT locked into a dumber I/O and interoperability model.

On Unix everything is read/write to generic I/O streams, on NT these are objects and have richer interfaces, as one tiny example of a difference - which means that on NT, major changes don't break things as easily.

I don't mean to be off putting, instead I want to encourage you and anyone else that cares about the future of computing and OS technologies to go find out what I'm talking about. I recommend the first or second edition of "Inside NT" - you can find it used cheap. It takes about the basic design of NT in layman terms and why things are different and why Unix concepts were avoided, etc.

The problem right now, is that Windows is a couple of generations ahead of the other OS technologies in use, and unless something else models NT or surpasses its design model, things are going to get a lot more messy with a lot of code devoted to compensating for the basic flaws in non-Windows OSes.

This has already been building for almost 10 years, with OS X and Linux becoming less efficient with a lot of duct tape applied to make it do things the OS was never designed to do.

I also don't say this as Windows NT will always be the greatest. However, it is really insane that the OSS world has continually ignored how NT works and hasn't banded together to create a new OS model that meets or surpasses NT capabilities.

As agnostic processing continues to grow, with the GPU becoming a GP-GPU along with other tertiary processors, NT is currently the ONLY OS model that inherently handles this type of processor utilization. Right now the benefit is seen in gaming performance and usable fluidity of the GPU because of NT's kernel level preemptive GPU scheduler/manager.

You can see this... One reason WP has always been faster than Android or iOS on the same hardware is the way NT can use more of the core CPUs, manage them for thermal scheduling and also use the GPU for general computing when it isn't needed for rendering.

I truly wish the world would go, holy crap, look at this, and what we didn't notice and why it matters and will matter more in the future, and people start moving away from the old OS models and create new OS that can also do these things. The OSS especially needs this to happen ASAP.

Especially since Linux can only go so far, and even now AMD and NVidia are bypassing the core of Linux to strap on their video drivers to get 'close' to the performance of NT, and still only offer a fraction of the functionality that is inherent in how NT handles GPUs and all processors.

Linux and OS X still don't have GPU scheduling or GPU preemption and thus using them for GP-GPU operations can be tricky as the OS has no way to manage that usage when the GPU is being tasked by other processes. They still use the same Application level yield based multi-tasking model, and rendering or data mining on the GPU in the background can make other software using the GPU like games run horribly, and that is even if the Applications are properly yielding the GPU.

On Windows you can have Photoshop sucking the GPU for all it can, and Windows still has control, so that if you are playing a game at the same time, it might lose a couple of FPS, and Photoshop might take a few seconds longer to render, but they both run fluidly.

This is really important for the next generation of computing, and outside of Windows has hurt the GP-GPU adoption as it can't be reliably used with the chance that other software is also utilizing the GPU. In contrast, a significant chuck of the Windows NT OS itself is using the GPU and CPU cores as much as possible, as the OS has control of the scheduling of the GPU like the CPU and they won't interfere with other software also using them.

(Long post but this is important stuff that more of the OSS world and people outside of Microsoft need to get their heads around and pay attention.)


Um, I don't even know what to say, but this shows a complete lack of understanding of NT and Windows in general.

Of all the current consumer OSes, Windows is still the newest model, has a consistent code base even on WM, and uses more modern OS/kernel concepts than OS X, Linux, FreeBSD, Android or iOS.

When NT was designed, it was based on some in use OS model designs and several that were still theoretical 26 years ago. These concepts and models have proven to be far more extensible and provide deeper utility when dealing with new hardware and software concepts.

The irony is that OS X, Linux, FreeBSD still use kernel concepts and models from the 1980s, with a general OS model that literally goes back to the 1970s with the core foundation in the late 1960s.

UNIX is a very simplistic and old model and its base ideas are what the NT developers purposely avoided to not have Windows NT locked into a dumber I/O and interoperability model.

On Unix everything is read/write to generic I/O streams, on NT these are objects and have richer interfaces, as one tiny example of a difference - which means that on NT, major changes don't break things as easily.

I don't mean to be off putting, instead I want to encourage you and anyone else that cares about the future of computing and OS technologies to go find out what I'm talking about. I recommend the first or second edition of "Inside NT" - you can find it used cheap. It takes about the basic design of NT in layman terms and why things are different and why Unix concepts were avoided, etc.

The problem right now, is that Windows is a couple of generations ahead of the other OS technologies in use, and unless something else models NT or surpasses its design model, things are going to get a lot more messy with a lot of code devoted to compensating for the basic flaws in non-Windows OSes.

This has already been building for almost 10 years, with OS X and Linux becoming less efficient with a lot of duct tape applied to make it do things the OS was never designed to do.

I also don't say this as Windows NT will always be the greatest. However, it is really insane that the OSS world has continually ignored how NT works and hasn't banded together to create a new OS model that meets or surpasses NT capabilities.

As agnostic processing continues to grow, with the GPU becoming a GP-GPU along with other tertiary processors, NT is currently the ONLY OS model that inherently handles this type of processor utilization. Right now the benefit is seen in gaming performance and usable fluidity of the GPU because of NT's kernel level preemptive GPU scheduler/manager.

You can see this... One reason WP has always been faster than Android or iOS on the same hardware is the way NT can use more of the core CPUs, manage them for thermal scheduling and also use the GPU for general computing when it isn't needed for rendering.

I truly wish the world would go, holy crap, look at this, and what we didn't notice and why it matters and will matter more in the future, and people start moving away from the old OS models and create new OS that can also do these things. The OSS especially needs this to happen ASAP.

Especially since Linux can only go so far, and even now AMD and NVidia are bypassing the core of Linux to strap on their video drivers to get 'close' to the performance of NT, and still only offer a fraction of the functionality that is inherent in how NT handles GPUs and all processors.

Linux and OS X still don't have GPU scheduling or GPU preemption and thus using them for GP-GPU operations can be tricky as the OS has no way to manage that usage when the GPU is being tasked by other processes. They still use the same Application level yield based multi-tasking model, and rendering or data mining on the GPU in the background can make other software using the GPU like games run horribly, and that is even if the Applications are properly yielding the GPU.

On Windows you can have Photoshop sucking the GPU for all it can, and Windows still has control, so that if you are playing a game at the same time, it might lose a couple of FPS, and Photoshop might take a few seconds longer to render, but they both run fluidly.

This is really important for the next generation of computing, and outside of Windows has hurt the GP-GPU adoption as it can't be reliably used with the chance that other software is also utilizing the GPU. In contrast, a significant chuck of the Windows NT OS itself is using the GPU and CPU cores as much as possible, as the OS has control of the scheduling of the GPU like the CPU and they won't interfere with other software also using them.

(Long post but this is important stuff that more of the OSS world and people outside of Microsoft need to get their heads around and pay attention.)

I understand your point, but I am not blaming the core NT kernel for this, I was blaming their messy codebase of the OS (I have a huge respect for NT kernel after reading that, how it is engineered to take advantage of the power of the future of the hardware), and how they keep recycling it. Extending it from PC, to Mobile, to Xbox One. Now the bugs are everywhere. Do you heard the known saying that, 90% PCs works, the rest is when you experience it, you spend most of your time figuring out what's wrong. Even if it's just 10%, it's still a large amount of probability that you'll experience it, and it waste your time of work. The problem here is the how they approach their codebase, their philosophy on it, I'm not that yet technical person to fully understand that but I am a UX designer to know be aware enough, and I see this problem in user experience perspective. They still approach it like how they made PC over the years, just make it work today, figure out tomorrow how to still make it work in the future, atleast that's the nearest analogy I can give to describe it. What I'm saying here is there's a lot of mess, both on implementations, the logic, and to making it work. Some few examples I can thought rn is: there is 2/3 folders managing Start Menu folders options on Windows, There's two lockscreen on Windows 10 PC, the one that you see when you first startup your PC from Shutdown, the one you see when you lock your PC, the Spotlight lockscreen, can you believe keyboard on Windows 10 Mobile and Windows 10 PC isn't the same?, The same service and process Windows Updates use to download Windows Updates is the same being used to download/update apps on Windows Store, can you believe that Windows Update process and service is still from the dial up era of Windows 95, that's why it's still isn't pausable, the progress bars isn't still real time both on WU and Windows Store, unlike on Android's Google Play, do you know that Xbox game downloads on Xbox One uses a different, much efficient, passable newer process or service implementation on downloading big GB of data of it's games from Xbox Live, and it's also separately different that's being used on download and updating apps from Windows Store app for Xbox One. and there are like 3/4 other different process or service also being used to download Windows Updates, and so many other logic flaws they still keep practicing until this day. The whole context here is Microsoft didn't know how to simplify things, just like simple problems like this popups, they just tend to put band aid on the problem over and over again, hogging both the performance of the device and the user experience. This is why I am concerned that Microsoft still can't compete with their Mobile strategy like this. Because they never get one of the most basic fundamentals why Mobile succeeded, because it just works. Like Mac (atleast that how most people says) They want to approach Mobile in a PC way, I'm okay if their gonna approach it only in hardware way, because this will bring a new revolution to Mobile in experimentation on hardware capabilities, just like the rumored foldable phone-to-tablet 2 in 1 Surface Phone, that could transform and extend to PC too when connected to another display, run Win32 apps as a stopgap for it's UWP (for now) via Windows 10 on ARM. This could be revolutionary, but the user experience isn't. And also if we're always like this, it will take forever to patch and fix all these user experience, logic flaws like these. Another 5 year developmental cycle that could've been started fixing right now.

And also do you have Skype and or even just Messenger, if you're generous enough can I add you as a contact so we can chat and discuss more about this, you seem very educated on this context, if you'll let me I still wan't to ask some question privately if you may. I want to have like a atleast a deeper insight on this, and maybe incorporate it on my feedbacks to Microsoft and to my redesign project in the future (I'll tell you in the chat about that), and so it will help my decisions and opinions about this too. Or if you're the person who can't always be bothered, at least let me add you as a contact to just ask you small things about this from time to time. Like a go to contact.

Thanks for a very healthy discussion

Always keep my phone locked. Annoying to unlock? At times, but I would be more annoyed if my info was compromised. And just takes a second to unlock it.

Comments are closed

The comments on this article have been closed by our moderators. Further discussion about this article can be done so on our forums.

Visit our forums »

Advertisement