HTC Android Smartphone Stores Browsing Screenshots

Mad Hamster writes "Boy Genius Report points out that the HTC Droid Incredible, using the Sense UI, 'will periodically store screenshots of the contents of your web browser.' These shots are stored in such a way that they are not easily deleted. 'They remain when the current browser session is closed, they remain after you clear the browser history, and they remain after a full factory reset,' though there is a way to delete them manually."

Sounds like a debug feature

[casings]

Sounds like the equivalent of writing alert("here"); in javascript?

Don't think this is a big deal.

Re:Sounds like a debug feature

[s73v3r]

A debug feature who's data persists through a factory reset? I don't buy it. And even if it is, its not ok.

Re:Sounds like a debug feature

[kno3]

A debug feature who's data persists through a factory reset? I don't buy it.

What are you suggesting it is? A plot by HTC to somehow retrieve private data from its customers? Seems pretty far fetched to me, and it is quite a leap from the evidence presented here. I think occam's razor suggests this is a mistake. Not a small one, but I can't see that it is anything else.

Re:Sounds like a debug feature

[mldi]

Nope, just a case of someone not turning off the Browser Favorites widget.

All I can say is "duh". Turn it off and you're fine. It's called a "cache file" so it can display that big static thumbnail image in the widget if you choose to use it.

Re:Sounds like a debug feature

[commodore64_love]

Passwords appear as ***** so no worry there, but the screencaps might show a thief (or unscrupulous friend) that you've been surfing porn, or looking at photos of your sexy wife. "Wow. Mrs. Stiffler is hot."

Re:Sounds like a debug feature

[orient]

A plot by HTC to somehow retrieve private data from its customers?

What about a way to obtain proof of child pornography possesion? Or proof of browsing undesirable web sites? Or proof of... whatever the masters might want to prosecute you for? Far fetched, but not impossible and a conspiracy theory is just a theory until it is proved.

Re:Sounds like a debug feature

[aster_ken]

That is because the cache file is stored on your SD card and not in the phone's internal flash memory. A factory reset does not format your SD card. The BGR article was not thoroughly researched.

Re:Sounds like a debug feature

[Gordonjcp]

A cache file that persists even after factory reset?

Why would a factory reset clear user data stored on removable media?

Re:Sounds like a debug feature

[ArcherB]

It's stored on the card in the phone, not the phone's internal memory. The SD card is not erased during a factory reset.

(This was typed on my EVO.)

Re:Sounds like a debug feature

[DJRumpy]

I find myself contrasting the response Microsoft would get if they left something similar on Windows Mobile, and the response Android gets. Although there are a few folks in here with a bit more pessimism, the bulk seem to be willing to assume it's just a 'simple mistake'.

Re:Sounds like a debug feature

[michaelhood]

>>>as you're typing them in, they show each letter for a second or so then it becomes an asterisk

No. They don't.

do you have his phone?

you're climbing up my "most obnoxiously narcissistic posters" list.

every android device i've used has exhibited this password-masking behavior. it's common for mobile devices with low-confidence keyboards.

see your parent post's sig, please.

Huh.

[SanityInAnarchy]

Wonder what those are used for?

Are they ever read? Sent anywhere? Are they permanent (always taking up space), or are they rotated out?

Is there any particular reason I should care?

Re:Huh.

Are they ever read? Sent anywhere? Are they permanent (always taking up space), or are they rotated out?

They are sent out in the middle of the night when the phone is sleeping...

Re:Huh.

[Jahava]

I'll venture a guess: I have noticed on my HTC Incredible that the built-in browser displays a small graphical thumbnail of my bookmarked sites, presumably as a user interface enhancement. When scrolling through my bookmarks, I can see a picture of what the page looked like the last time I visited it. My guess is that these pictures are stored and used to generate those thumbnails.

If that is truly the usage, I have no issues whatsoever with the practice. If those pictures are leaving my phone, however, then this is really unacceptable.

Re:Huh.

[MozeeToby]

Is there any particular reason I should care?

They remain even after a factory reset, which is a little concerning. TFA mentions they found screenshots of everything from their Facebook page to the bank website and everything in between, probably not enough to steal your money or your accounts but still enough to track your activity on the web. If you're doing anything on your HTC phone that you'd rather not have other people (informed, ambitious, and already suspicious people at least) find out about then yes it should concern you a bit.

Re:Huh.

[e2d2]

I'm wondering if they are to make thumbnails like chrome does for a "new tab". I use this as my default page.

Re:Huh.

[ChronoReverse]

Of course it's not erased by a factory reset; the images are saved on the external memory card (microsd)

I'd be really concerned if it WERE erased

Re:Huh.

[MozeeToby]

It doesn't bother me that you're wrong (at least according to the article), honest mistake and all, but it does bother me that you're modded up for it.

They remain when the current browser session is closed, they remain after you clear the browser history, and they remain after a full factory reset. The JPEG files are saved to a folder named .bookmark_thumb1 which is located within the emmc folder of the phones internal storage (so you would expect a full factory reset to delete them).

Re:Huh.

[caladine]

The article is 100% incorrect. I have the Incredible and they're stored on the external SD card. The article is a load of FUD from Boy Genius.

Re:Huh.

[Saeed+al-Sahaf]

Why accept the obvious answer when you can assume the paranoid answer?

Re:Huh.

[Aranykai]

Ironically I recall this reaction happening when the iPhone had the same feature awhile back. It's just the nature of visual bookmarks.

Next up, Google Chrome and Opera keep thumbnail screenshots of the websites you visit!

Re:Huh.

[hax4bux]

TFA is wrong. I have a Hero which exhibits the same behavior (i.e. writes thumbnails to the micro SD)

Re:Huh.

[caladine]

Then you'd be out $100. I'm even posting from the phone... now there's now way I could collect nor is there any evidence I could give you that you'd take. The screen cap that BGR is using is even from the external SD. Drive h: is the default letter for external SD. I'm not the only one saying this.

Re:Huh.

[afidel]

Sorry, but I don't want a reset clearing any user data on persistent storage.

Re:Huh.

[caladine]

Just tried this. Doesn't store on internal memory, the thumbnail is just a picture of an SD card with a "?" next to it, instead of a thumbnail.

Re:Huh.

[ElKry]

They are not lying.

The DROID Incredible stores it on internal storage, while the rest of the Sense UI devices store it on the SD card. For reference, http://www.boygeniusreport.com/2010/06/18/htc-confirms-droid-incredible-browser-issue-plans-fix/

Re:Huh.

[michaelhood]

It’s not the SD card, and people stating otherwise are lying. That is part of my point.

I really wish you and that commodore64 kid would leave the Slashdot I know and love with your paranoid delusional trolling.

C:\android-sdk-windows\tools>adb shell
# find . -name *.jpg | grep -v -e customize -e contacts -e wallpaper -e DCIM | more ./sdcard/.footprints/thumbnails/1272099190529.jpg ./sdcard/.bookmark_thumb1/mcd0bb890.jpg ./sdcard/.bookmark_thumb1/scd0bb890.jpg ./sdcard/.bookmark_thumb1/m46bb1b3c.jpg ./sdcard/.bookmark_thumb1/s46bb1b3c.jpg ./sdcard/.bookmark_thumb1/mdabb3bb3.jpg ./sdcard/.bookmark_thumb1/sdabb3bb3.jpg ./sdcard/.bookmark_thumb1/m66c70c76.jpg ./sdcard/.bookmark_thumb1/s66c70c76.jpg

[snipped for brevity, more of the same follows]

the /emmc/ folder that's present on some Android devices (including the incredible) is a mount point for the internal eMMC storage. it's a bus for a type of embedded flash memory (like SDHC for removable cards).

when there's no SD card, the phone might choose to use this embedded storage (or might choose to use it for other reasons).. it's not really the same as the "internal storage" (which is wiped in a factory reset).

this is a simple oversight on the part of HTC and/or the Android team - not making it more obvious, on devices that have eMMC (very few models of which exist yet), that this is another persistent area of storage that needs to be treated like the SD card when it comes to privacy concerns.

there is no conspiracy here, just innocent mistakes in a massive contribution-driven software project.

Re:OMG!!1one

[Jon.Laslow]

Err, Sense UI is by HTC, not Google.

Re:Hahaha

[faber0]

if you are one of a hundret selling android devices you need something to be distinguished with from the others. So they add on their on UI so customers see it as a better android handset as the ones from other manufacturers. If you submitt it back to android then all will eventually have it and you are just one in the android soup again....

Bookmarks.

[LordAndrewSama]

The HTC Hero has a bookmark widget that uses screenshots of the websites as the buttons with a small label underneath(which is the websites title text I think). Since these images are called bookmark_thumb, I'm going to propose it has something to do with that...

Just like the iPhone then?

[Kostya]

This is how the iPhone does its cool animated transitions. People threw a stink when that was first discovered, but I can't remember if Apple resolved it. I know a factory reset does work on the iPhone though :-)

The boring truth...

[nilbog]

Everyone is up in arms about how these remain after a factory reset. Well the boring and unsensational truth is that the images are stored on the SD card. Your music, pictures, and videos are not deleted with a factory reset either.

These images are stored under the guise of being used as thumbnails for bookmarks but it seems unlikely as those could be taken as needed. This whole thing is pretty sketchy.

That said, if you don't want any more images delete the directory where they are stored and create an empty file of the same name (same name as the directory). No more screenshots!

Re:The boring truth...

[prockcore]

The article is misleading.. they're on internal storage if you don't have an sd card.

They're also *only* created for bookmarks.. if you don't make it a bookmark, no thumbnail gets created.

Re:Hahaha

[oakgrove]

So they add on their on UI so customers see it as a better android handset as the ones from other manufacturers.

I guess if your customer's are complete idiots. Otherwise, you get the experience I had when I was at a T-Mobile store yesterday. I was looking at the new keyboarded version of the My3G and the interface goo they layered on top of Android was just atrocious. Garish bubblegummy looking colors and useless craptastic additions do not a superior interface make. It's like the shit pc makers do to Windows. Adding a bunch of useless docks and shit. Sure, technically, you are adding features and differentiating yourself. But, if it's so great, why do practically all of your savvy customers immediately take it home and wipe it all off? Same thing with SenseUi, motoblur, what ever else. It's all just useless unnecessary junk. I have a Droid with a stock albeit rooted Froyo interface. It's gorgeous, uncluttered, and works spectacularly.

Re:Why are they bookmarking what you do not bookma

Do you have a droid? Have you used the browser? Have you seen the thumbnails in the history feature?

Seriously, taking thumbnails on the client would be the laziest and stupidest way to track web traffic I can think of.

Not easily deleted?

[mweather]

Since when does clicking a file and pressing delete qualify as "not easily deleted"?

Re:Not easily deleted?

[aristotle-dude]

Since when does clicking a file and pressing delete qualify as "not easily deleted"?

So, now you have to use a file manager to administrate your phone?

Android is so easy to use, all you need is a third party task manager to close your apps and a filemanager to clear these thumbnails. Wow, Android is so user friendly. /sarc.

You are making light of a serious security hole were someone to get a hold of your phone or even the SD card from your phone.

Re:And then some app sends them somewhere?

[MikeBabcock]

Apps only have permission to the data on their own section of the main memory by default. Even if they have access to your SD card then that doesn't give them permission to access other apps' private storage (unless they're from the same developer).

yes, they are stored... here's why

[miguelfp1]

yes, it does store the screenshots... for the purpose of having them show up in the Sense UI bookmark widget. on my Hero they are stored on the storage card, on the Incredible they are located on the on-board 6GB partition, http://www.androidcentral.com/htc-browser-bookmark-images-scare explains it in greater detail

Re:Workarounds?

[Dr.Dubious+DDQ]

"Couldn't you just chmod 000 the directory and be done with it?"

From what other people are saying, the directory in question is on the microSD card, which (idiotically) is required to be Microsoft's "FAT32" format...so permissions are not really settable. (You might be able to set the "read only" DOS flag, but I don't know if that'll have any effect.)

(Honestly, why not even UDF is an option instead of FAT32 I have no idea. It's not like the linux kernel - and every modern Windows and Mac OS - doesn't have the ability to support it.)

Re:iTunes or Google

[Mark19960]

Troll.
Has nothing to do with Google.
The images are not sent anyplace... they live on the SD card and factory wipes don't format your SD card.
It's all working as intended and the story might well be labeled a troll as well.

Besides, iPhones did this too.
I don't see the fanboys running for the hills.

Just like Safari

[schlameel]

How is this different from what Safari does? As I recently discovered when someone gave me their old PC, clearing the cache (which the person did) does not get rid of the page images Safari creates. There were hundreds of them: news stories, many Google searches, emails being read and written, adult content. I imagine Safari creates the images for the frequently used wall it puts up when you create a new window or tab. However the images were the full page (top to bottom, not just a 4:3 thumbnail) and there were low resolution JPG's and full resolution PNG's. What Safari needs the full page, full resolution images for I can only guess. This was nine-ish months ago, so it may be different now.

Re:iTunes or Google

[hkmwbz]

This is done by HTC's custom software, not by Android. Furthermore, there is no evidence that there is anything sinister going on. All this is, is that HTC made a silly choice when storing thumbnails for bookmarks.

Risk is of malicious apps

[DaveGod]

Since in their hurried excitement TFA didn't report (or even ask) if this applied to other Android / Sense phones, I see them on my HTC Desire. Anyone using an Android phone without Sense (that is, any non-HTC made Android phone) willing to report? We're all assuming Sense, and it seems likely, but I've not seen any kind of confirmation.

The images aren't there to be sent back to HTC or whatever, they're just thumbnails for the fancypants UI. But there is an unintended security/privacy risk - that a malicious app could upload them, because apps can read anywhere on the SD card (if the app info says they can access the SD card, they can read all of it). OP is quite the dramatisation though, I read it to suggest shenanigans due to that folder being specifically and strangely excluded from the factory reset. That's not the case, the folder is on the SD card none of which is wiped on a factory reset - only the phone's storage is. If you're selling it with your phone (of any kind) you should know to also wipe the SD card.

Also, we don't know what the deletion policy is i.e. how much space they might eventually taking up, this is probably making a bit of an effort to imagine possibilities to complain about.

Another comment suggests "Can be fixed by deleting the folder .bookmark_thumb1 and create an empty txt file .bookmark_thumb1" (which, since being lackadaisical seems to be the in thing, I can't be bothered testing to confirm).

Stories like this

[kindbud]

Are why we need to be able to moderate the article itself.

Is there a running contest among /. editors to see who can approve the dumbest stories?

The real scary story though is...

[lexsird]

The Incredible phones are really part of a conspiracy to enslave us all and take our money little nibbles at a time through some fiendish plot of impulse buying cute and interesting little apps.

144 Comments?

[Tokerat]

Only 144 Comments? Why isn't everyone losing their shit over thisOH I see, it's not about Apple. I stand corrected. Please move to the next Apple thread and begin your irrational bashing there. Thanks!