
Reddit Android app issue could potentially cause users to upload private information or photos

Software engineer Eric Urban did a detailed investigation into the issue.


Software engineer Eric Urban writes on his blog about a curious sighting out on Reddit.

An image was posted on the social media platform with an apparently unrelated addition: the logo of CRC Industries – a manufacturer of industrial chemicals – and the name of one of its products, Brakleen, superimposed on it.

Ruling out the quality loss usually seen in lossy formats like JPEG, because the rest of the picture did not match the usual way in which these images degrade, and intrigued by what he saw, he reached out to the author.

Referring to the puzzling addition of the logo and the brand name onto the picture as “the ghost,” Urban says the author explained that he had taken “a few photos of his work area” using Reddit’s Android app installed on his Pixel 3 phone, and then uploaded one of the images to Reddit – the one featuring the “ghost.”

It turned out that another image taken at about the same time was the one that had the CRC logo and the word Brakleen in it – from a can that’s visible in it.

source: Hydrogen18

“Why is information from the other image somehow encoded into the first one?” Urban asks.

After investigating how Reddit handles photo uploads, he discovered that these images are “progressive JPEGs,” a format that lets platforms display an image before all of it is fully downloaded by dividing it up into layers.
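In the file, those layers are separate "scans," each introduced by a start-of-scan (SOS) marker that says which coefficients and which bits it carries. The sketch below is an added example, not code from Urban's post or from Reddit; it lists the scans of a JPEG without decoding any pixels, and `SAMPLE` is a constructed marker stream (not a decodable picture) so the example runs offline.

```python
import struct

SOF_KINDS = {0xC0: "baseline", 0xC1: "extended sequential", 0xC2: "progressive"}

def list_scans(data: bytes):
    """Walk JPEG markers; return (encoding, [scan dicts]) without decoding pixels."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("missing SOI marker, not a JPEG")
    pos, encoding, scans = 2, None, []
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:              # fill byte in front of a marker
            pos += 1
            continue
        if marker == 0xD9:              # EOI: end of image
            break
        if pos + 4 > len(data):
            raise ValueError("truncated segment header")
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        payload = data[pos + 4:pos + 2 + length]
        pos += 2 + length
        if marker in SOF_KINDS:         # frame header names the encoding
            encoding = SOF_KINDS[marker]
        elif marker == 0xDA:            # SOS: Ns, Ns*(Cs, Td/Ta), Ss, Se, Ah/Al
            ns = payload[0]
            ss, se, ah_al = payload[1 + 2 * ns:4 + 2 * ns]
            start = pos
            # Entropy-coded data runs to the next marker; FF 00 is a stuffed
            # data byte and FF D0..D7 are restart markers inside the scan.
            while pos + 1 < len(data) and not (
                    data[pos] == 0xFF and data[pos + 1] != 0
                    and not 0xD0 <= data[pos + 1] <= 0xD7):
                pos += 1
            if pos + 1 >= len(data):    # file ends inside this scan
                pos = len(data)
            scans.append({"offset": start, "ss": ss, "se": se, "ah": ah_al >> 4,
                          "al": ah_al & 15, "coded_bytes": pos - start})
    return encoding, scans

def seg(marker, payload, coded=b""):
    """Build one marker segment (helper for the constructed sample only)."""
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload + coded

# Constructed sample: one-component progressive frame with four scans.
SAMPLE = (b"\xff\xd8" + seg(0xC2, bytes([8, 0, 8, 0, 8, 1, 1, 0x11, 0]))
          + seg(0xDA, bytes([1, 1, 0, 0, 0, 0x01]), b"\x12\xff\x00\x34")   # DC
          + seg(0xDA, bytes([1, 1, 0, 1, 5, 0x02]), b"\x56")               # AC 1-5
          + seg(0xDA, bytes([1, 1, 0, 6, 63, 0x02]), b"\x78\x9a")          # AC 6-63
          + seg(0xDA, bytes([1, 1, 0, 1, 63, 0x21]), b"\xbc") + b"\xff\xd9")

if __name__ == "__main__":
    kind, found = list_scans(SAMPLE)
    print(kind, *found, sep="\n")
```

Each scan is self-delimiting and refines the picture produced by the scans before it, which is why a viewer can render a partial file.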

This still didn’t explain why the Reddit app was apparently merging two images together – the one the user wanted to upload, and another that they happened to have taken separately.

Urban’s investigation revealed that Reddit was “somehow” compressing both pictures.

“This process presumably happens in a background thread. I cannot explain how it happened, but the application appears to have the uploaded first half of compressing the original image and the second half of compressing the other image,” he writes, and assumes that this is why the “ghost” artifact appeared in the first place.

Other than producing strange images, the problem with Reddit’s solution here concerns privacy and security – simply put, users might end up sharing photos they never intended to.

Urban refers to this as a bug in the Reddit app – one that “could lead to unintentional sharing of private information in the form of these ‘ghosts’ on the image” – and it could affect anyone who has the Reddit app installed and shares images taken with it – without realizing that they might be unintentionally “oversharing” any other photos they might have on their phone.
