Retrieving the image should be done with a deeplink. In the microflow of this deeplink, check if the owner of the image is the same as the one requesting it again. Otherwise deny that user the download.
I found the problem is in the cache. When the application is first loaded and you do not log in as the user who uploaded the image, it's impossible to reach the image. But as soon as you log in, the image is saved in the browser cache and you can view it whenever you want. Is there a way to block the image from saving in the cache?
It should not be possible to view a file which a user doesn't have access to.
You can influence the browser's cache in Mendix: https://docs.mendix.com/deployment/on-premises/deploy-mendix-on-microsoft-windows#5-6-adding-the-cache-control-no-cache-header
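
The two points raised in this thread (check the owner on every download, and stop the browser from reusing a stored copy) are combined below in an added example written in plain JavaScript rather than as a Mendix microflow. It is not code from the thread or from Mendix; the request shape, `serveImage`, the policy names and the sample data are assumptions made for illustration.

```javascript
// Constructed sample data: one image owned by "alice".
const images = new Map([
  ["img-1", { owner: "alice", etag: '"v1"', body: "alice-photo-bytes" }],
]);

// "no-cache" lets the browser keep a copy but forces it to revalidate with
// the server before every reuse; "no-store" forbids keeping a copy at all.
const CACHE_POLICY = {
  revalidate: "private, no-cache",
  never: "no-store",
};

// req is a hypothetical shape: { user, imageId, ifNoneMatch }.
function serveImage(req, policy = "never", store = images) {
  // The cache header goes on every response, including denials.
  const headers = { "Cache-Control": CACHE_POLICY[policy] };
  if (!req.user) return { status: 401, headers, body: null };

  const image = store.get(req.imageId);
  // Same answer for "missing" and "not yours", so ids cannot be probed.
  if (!image || image.owner !== req.user) {
    return { status: 404, headers, body: null };
  }

  // Revalidation is answered only after the owner check above has passed,
  // so a 304 never confirms a stored copy for a different user.
  if (policy === "revalidate") {
    headers.ETag = image.etag;
    if (req.ifNoneMatch === image.etag) {
      return { status: 304, headers, body: null };
    }
  }
  return { status: 200, headers, body: image.body };
}
```

With the `revalidate` policy a copy still sits in the browser's storage between requests; `never` is the stricter choice when the machine or browser profile is shared.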