If you use XGimp Image Editor or may have used the mobile app, we suggest you remove the program right now because a massive security hole has just been discovered by one of its users. Redditor nukelauncher95 shared his findings yesterday in a thread and said the app in question developed by DMobileAndroid is able to access private files. These are files previously uploaded to a remote server. Different files range from images to documents (Word and Excel) to PDFs among other.
The problem seems to be unintentional but genius developers always have their way around things. The point of this is to inform users of possible vulnerabilities and true enough, some people can access things they shouldn’t be accessing.
Photos edited on XGimp files are usually saved on a remote server that is apparently not secure. We never believed that such app has real security but for the sake of those who prefer to use the free photo editor over real and paid ones like Adobe Photoshop, please be warned of this issue. We hope you’re not editing or saving some private (read: NSFW) images.
The issue is being fixed already by some devs. Root access was attained by one to destroy the file access to the server. At this point, Google is being requested to remove the app from the Play Store. XGimp Image Editor is still there but we don’t recommend you to download it until the issue has been resolved.
VIA: SlashGear
SOURCE: Reddit
