Brazilian site WindowsTeam reports that a security bug in Windows 10 Mobile exposes your pictures to any inquiring eyes.
The bug, discovered by Wallace Michael (@wallace_cane), allows anyone to see the pictures in your camera roll without knowing your PIN number and works on phones on both the production and insider rings.
The PIN workaround works as follows:
- On a locked device, take any photo.
- Preview the photo using the Preview thumbnail (lower left), and after the photo has been opened, delete it using the trash bin icon.
- Press the Back button.
- Preview the photo again, using the thumbnail. You should see a black screen.
- Press the back button and Preview the photo using the thumbnail for a 3rd time.
You should now be able to swipe through all the photos and videos in the camera roll.
The flaw likely has more privacy than security implications, but Windows 10 Mobile users should know their photos are no longer safe simply because their phone is locked.
The bug has been reported in the Feedback Hub here.
Update: We can confirm that the very latest Insider Build does not appear to be vulnerable to this issue.