Lately, Google has seemed very serious about the privacy and security in Android. This is evident in the huge jump in security features made in Marshmallow from Lollipop. Since late 2015 as well, the mothership has been providing monthly security updates to Android to make sure the platform keeps up with security threats. Very recently, Google recently patched a camera-related security opening in the Pixel and Pixel XL phones that would have allowed hackers to do tracking.
The flaw had to do with the front-facing camera’s (made by HTC) serial number being accessible to third party apps. This is an obvious security flaw that could point people to specific devices. Google says that “Camera sensor’s serial number, stored in system property htc.camera.sensor.front_SN, appears to change between different devices and could thus facilitate tracking.”
A couple of days ago, Google issued an internal fix, restricting access to said information. Google’s commit says, “This commit restricts access to this system property to cameraserver and dumpstate and shell SELinux domains. Test: Camera works, serial number property still available via ADB, but not readable by apps.”
The internal update now stops apps from accessing the front-facing camera’s serial number information. Testing the patch demonstrates that the camera still works as normal, with the said information now hidden from apps.