Your privately-shared Google Photos are not fully secure: Here's why
Google Photos makes an ideal platform to back up images and videos. It saves storage and makes sure all your data remains readily accessible to view or share, regardless of where you go or what device you use. But now, a major flaw has been flagged in Google Photos, one that can compromise your privately-shared albums/images. Here's all you need to know about it.
Images, albums shared with specific contacts become partially public
Just recently, a security researcher by the name of Robert Wiblin shared a Medium post noting how privately-shared Google Photos become partially public. Basically, if you share a photo/album with a particular Google account via Google Photos, the content will not only become accessible to that person but also to anyone who gets their hands on the address bar link of the shared photo/album.
Video demonstration of the issue at hand
Wiblin demonstrated the issue in a video where a Google Photos image shared with a specific contact was accessible on a third-party Google account and even in incognito mode. Notably, Google Photos has long been letting users generate shareable links for photos, but in this particular case, that option was not even used, and the content was shared directly with a specific contact.
This could be a threat to your privacy
Though the issue looks like an interface-related problem, it could lead users into believing they're sharing images with a particular contact. It also raises the risk of content becoming public as anyone who gets their hands on the link of the content would be able to access it. This could happen if they slide into the recipient's phone or if they forward it willingly.
Hopefully, Google will fix the issue
Google has not commented on the matter and it still remains unclear when or if we will see a fix for it. However, given that files shared via Google Drive become accessible to selected contacts only, users expect Google Photos to behave in a similar way, especially when they are choosing contacts, and there is no mention of its link becoming public.