Photos are vulnerable on Android phones. After Apple, It turns out that the Android takes things one step further. Once you allow the developer access to connect to the Internet, they could potentially upload your pics to any server right under your nose. There is no information leading us to know if Android applications currently do this, but there is always that chance.
We originally designed the Android photos file system similar to those of other computing platforms like Windows and Mac OS. At the time, images were stored on a SD card, making it easy for someone to remove the SD card from a phone and put it in a computer to view or transfer those images.
As phones and tablets have evolved to rely more on built-in, non-removable memory, we’re taking another look at this and considering adding a permission for apps to access images. We’ve always had policies in place to remove any apps on Android Market that improperly access your data.