Comments by "XSportSeeker" (@XSpImmaLion) on "Another Google Pixel security flaw: images can be uncropped and unredacted?" video.
-
Super wild guess here, I haven't read into the details of this story just yet, so don't count this as an informed opinion.
But if this thing is limited to Pixels only, it's likely a goof from the Pixel app development team, perhaps some recent update.
It also won't necessarily spread to other devices via AOSP... see, Pixels don't exactly use raw AOSP in them, despite many people thinking so. It's the closest you can get to it without rooting, but it's not exactly AOSP.
Particularly for image apps that could make use of Tensor cores and such, those are made by Google specifically for Pixel phones.
I wouldn't call it exactly a "flaw" though... well, it depends on perspective really.
The problem here is saving screenshots in .png and allowing for edits to also be saved as .png instead of forcing an export to jpg or some other as-is format. This is why people are generally instructed to export to jpg or gif or some other format when using Photoshop.
.png is a format that specifically preserves the original image, saving edits in different layers, which is why information can be "recovered".
But you know, this can be really useful for editors sharing parts of the job.
General recommendation - if you are not an editor sending image files with a specific purpose, never send files in .png or .psd formats. Not exactly the same thing, but it's kinda like sending .doc and .docx files when you don't want people to be editing those... you'd opt for something like .pdf instead.
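Whatever an editor does internally, one practical check before sharing an edited PNG is structural: a PNG ends at its IEND chunk, so a file that still carries bytes past IEND hands over more than the picture on screen. The following added example is not the commenter's code; it parses the chunk list, reports and strips trailing bytes, and simulates (as an assumption about the failure mode, not something the comment states) a crop written over the original file without truncating it, using constructed sample images.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"

def png_end_offset(data: bytes) -> int:
    """Walk the chunk list and return the offset just past the IEND chunk."""
    if not data.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIGNATURE)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 8 + length + 4  # length field + type + payload + CRC
        if end > len(data):
            raise ValueError("truncated chunk")
        if ctype == b"IEND":
            return end
        pos = end
    raise ValueError("no IEND chunk found")

def trailing_bytes(data: bytes) -> int:
    """Bytes after IEND; a viewer ignores them, a recovery tool does not."""
    return len(data) - png_end_offset(data)

def strip_trailing(data: bytes) -> bytes:
    """Return the file cut exactly at the end of IEND, dropping leftovers."""
    return data[:png_end_offset(data)]

def _chunk(ctype: bytes, payload: bytes) -> bytes:
    crc = zlib.crc32(ctype + payload) & 0xFFFFFFFF
    return struct.pack(">I", len(payload)) + ctype + payload + struct.pack(">I", crc)

def make_png(width: int, height: int, seed: int) -> bytes:
    """Build a small 8-bit RGB PNG with a seeded pixel pattern (constructed sample)."""
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)
    rows = b"".join(b"\x00" + bytes((x * 31 + y * 17 + seed) % 251 for x in range(width * 3))
                    for y in range(height))
    return PNG_SIGNATURE + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", zlib.compress(rows)) + _chunk(b"IEND", b"")

ORIGINAL = make_png(32, 32, seed=5)  # constructed stand-in for the full screenshot
EDITED = make_png(2, 2, seed=0)      # the crop, a much shorter file
# Assumed failure mode: the crop is written over the original without truncating it.
OVERWRITTEN = EDITED + ORIGINAL[len(EDITED):]

if __name__ == "__main__":
    print("clean edit:", trailing_bytes(EDITED), "bytes after IEND")
    print("overwritten file:", trailing_bytes(OVERWRITTEN), "bytes after IEND")
    print("stripped copy matches the crop:", strip_trailing(OVERWRITTEN) == EDITED)
```

Running the check over a folder of screenshots before they leave the device is a cheap way to catch files that carry leftovers, regardless of which app produced them.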
-
Oh, as for responsibility attribution... xD that's an interesting question that I don't even want to touch much in the ethical and moral part, but if I had to guess, on the legal side, as things are, this would end up with the victims carrying all of the burden, unless it becomes a class action lawsuit.
Say, if it's a libel case, it's hard to prove malicious intent if there was an effort to redact sensitive information which failed because of a software flaw. And then, without malicious intent, there is no libel case to be made.
On the other hand, if there's a class action lawsuit, be it by victims or by people burdened by the app not working as intended, then perhaps there is a case to be made there... for endangering or violating the privacy of users and people in general by reckless disregard for basic security. It's still kinda difficult though; it depends on EULAs, terms and conditions, and whatnot. There might be some bullet point in there that takes responsibility out of the app developer's hands in the case of misusing files.