Google's stated policy for apps on its Google Glass head-mounted hardware is that apps aren't allowed to take photographs when the display is turned off. But it turns out there's nothing actually enforcing this policy. Two California Polytechnic students built an app that converts Glass into a spy camera, taking a photo every 10 seconds without any visible indication to the user, reports Forbes.

The app, built by graduate researchers Mike Lady and Kim Paterson, masquerades as a legitimate piece of note-taking software, albeit with the decidedly illegitimate name of Malnotes. It captures images of whatever the Glass wearer is looking at and uploads them to the Internet. The pair notes that although this violates the Glass terms of service, those terms of service have no actual enforcement in the Glass software.

They aren't sure if they could get the app into Google's curated MyGlass app store. They did manage to get it into the relatively wild Google Play app store, but when their professor tweeted about their work, they decided not to bother trying to submit it to the more restrictive storefront. Google has subsequently removed the app.

Talking to Forbes, Paterson expressed dismay that this was possible, noting that many current Glass apps are sideloaded, as developers are still experimenting with the platform.

In a statement given in response, Google said, "Right now Glass is still in an experimental phase and has not been widely released to consumers. One goal of the Explorer program is to get Glass in the hands of developers so they can hack together features and discover security exploits."

This isn't the first time this kind of exploit has been used on Glass. Last year , we reported on the way rooted devices could be used to spy, again with no indication to the wearer that anything untoward was happening.

We're inclined to agree with Google's response: this kind of attack isn't a big deal—at least, not yet. Glass is not a mainstream device. While there are all manner of dubious individuals trying to sell the device, officially it's only available to people accepted into Google's Glass Explorer program. As such, it's meant for experts—predominantly developers and other tech savvy individuals—and isn't billed as production-ready final software.

This is the kind of problem that needs to be addressed prior to Glass eventually becoming a mass-market consumer device, but until that happens, buyers simply need to beware. Third-party software, whether malicious or, as in this case, merely experimental, is liable to make the hardware do things you don't want it to.