99.7% of Android settlers warned to avoid public WiFi networks over data breach threat

“Owners of Android smartphones are being warned to avoid public WiFi networks after researchers found a security flaw that could affect the vast majority of devices based on Google’s software,” Tim Bradshaw reports for The Financial Times.

“A trio of researchers at Ulm University in Germany found that it was ‘quite easy’ for hackers to intercept data from Google’s photo-sharing, calendar and contacts applications, as well as potentially other Google services such as Gmail, using a flaw that affects 99 per cent of all Android devices,” Bradshaw reports. “In March, Google was forced to remove more than 50 rogue applications, which could have stolen data or sent costly messages, from tens of thousands of Android devices.”

Bradshaw reports, “Google said of the flaw: ‘We’re aware of this issue, have already fixed it for calendar and contacts in the latest versions of Android, and we’re working on fixing it in Picasa.’ However, according to the researchers, the flaw still affects devices running older versions of Android, which make up 99.7 percent of Google smartphones in use today.”

Read more in the full article here.

MacDailyNews Take: Drip, drip, drip…

Related articles:
99% of Android phones leak secret account credentials, other sensitive data – May 17, 2011
Starbucks exec: Android apps often ‘watered down’ – May 16, 2011
Fragmandroid: Netflix app spotlights Android AppLag, fragmentation crisis – May 14, 2011
Intermedia: Business professionals overwhelmingly choose Apple iPhone, iPad over Android phones, tablets – May 12, 2011
Apple’s two-year-old iPhone 3GS still outselling AT&T’s latest Android phones – May 10, 2011
NPD: Apple iPhone 4 for Verizon best-selling mobile phone in U.S.; causes Android to lose share for first time since Q209 – April 28, 2011

46 Comments

  1. Too bad for all those Android users who own devices that can’t ever be upgraded to the newer, more secure software, which is about 99% of them. They’ll never learn though.

        1. That’s it! I’ve had enough with Android issues. Now planning on buying an iPhone and am ditching my Droid. It’s becoming very apparent to me that Google’s priority is to sell me to their advertisers.

        2. actually as pointed out below, and by others…

          your article, says the EXACT same thing that the MDN article from FT says…

          “Today we’re starting to roll out a fix which addresses a potential security flaw that could, under certain circumstances, allow a third party access to data available in Calendar and Contacts,”

          CALENDARS and CONTACTS are being fixed server side…. the REST have not been fixed. that requires the 2.3.4 update, which….. holy crap…… 99.7% do not have.

          I swear the Android fanbois can’t read.

        3. and if any android fanboi wanted to read further in that article…

          Other applications that use Google’s ClientLogin Protocol, including third-party Android apps as well as traditional desktop software like Mozilla’s Thunderbird email program, were also vulnerable, the researchers said.

          3rd party apps…….. yep, Google issued a server side fix for 3rd party apps that connect to other servers not controlled by Google…… oh wait… guess that’s where the 99.7% comes in again.

        4. Huh, really. I updated my Android OS 2 weeks ago, and hey don’t let facts get in the way but I can do it tomorrow if I choose. Then I will change the battery, because I can.
          I can also hijack an iPhone and Blackberry on an unencrypted wi-fi, but don’t let facts get in the way of your argument.

  2. Problems with Hardware, Software & Security on Android? How much worse can it get.

    A business partner works in a Verizon only area (Near Providence, RI) and is using Droids and has gone onto his sixth replacement. This 6th unit has intermittent touch becoming inactive on the touch screen.

    He can barely wait until he gets the next generation iPhone out on Verizon so he can get away from all these problems.

  3. uh ha…uh ha…uh ha ha ha….u-ha ha ha ha…uh ha ha ha ha ha ha ha ha ha ha ha haaaaaaaaaaaaaaaaaaaaaaaaaaaa………….woooooooooooooo!………………bastards.

    1. actually if you were smart enough, you would have noticed that the FT article…. says the EXACT same thing as your link. and posted 1 hour after that article you link.

      calendar and contacts are being fixed server side, they are STILL working on the rest.
      so this FT article stands.

  4. We, the Android users, don’t mind if Google sell us to ad agency, or expose our personal information to anyone as long as it is “open” and “be evil.” It is better than you, the sleep of Mapple.

      1. He’s trying to be clever by making an indirect reference to a Simpsons episode that pokes fun at Apple when they visit the ‘Mapple Store’ in Springfield. But he’s being stupid by not understanding what being open & being screwed in his ass means.

  5. Steve Jobs said stealing is bad karma & we all know karma’s a bitch.
    Google is going to find out how expensive free SW can be when they see the end of the patent infringement cases ongoing and to come.
    I’d bet a nice cold beer of choice that before it is over, Apple will sue Google over Android- and win. Larry Ellison is but the first of many & he wants a chunk of their backside if he gets nothing else for Christmas.

    1. You actually think Google is going to lose the case? The patent infringement case is on code mostly written by Linus Torvalds, and even he says it’s all bullshit. And Apple certainly has nothing to sue them for. Apple sometimes does things well, but since the first Mac they haven’t done anything new.

      1. It sometimes takes Apple forever to come out with a fix for iMac or iOS devices… a classic example is when iPhone 3G was updated to iOS 4.x and users reported that it was extremely SLOOOOOWWWW – like a turtle… After a few months Apple decided to say screw it and let’s not support it… Even the engineers at Apple gave up! Love it! 🙂

        I love Apple fragmentation! It’s karma and it’s a wonderful thing! 🙂

        1. The slowness was not everyone. I didn’t have it, my mother did.
          And there were ways to cure it, and reproduce it.
          Those that were affected could have cured it themselves. Instead they waited for Apple to fix it.
          I fixed my mother’s iPhone 3G running slow.

          They didn’t give up.. iPhone 3Gs STILL run iOS 4.0. Just not everything. They didn’t take any features away either.
          I still have both of those 3Gs. Used as iPods and they do NOT run slow..

    1. “Bradshaw reports, “Google said of the flaw: ‘WE’RE AWARE OF THIS ISSUE, HAVE ALREADY FIXED IT FOR CALENDAR AND CONTACTS IN THE LATEST VERSIONS OF ANDROID, AND WE’RE WORKING ON FIXING IT IN PICASA.’ However, according to the researchers, the flaw still affects devices running older versions of Android, which make up 99.7 percent of Google smartphones in use today.”

      Oh I don’t know… I think I can read the last paragraph MDN posted…

      Or did you want MDN to side with Google so you could feel better? MDN posted the story correctly, YOU failed to read properly and jumped to a conclusion.

      And this isn’t the first time Google has had security problems, they are just a tad slow on fixing stuff. With all the location collection and selling your info to advertisers they forget about “security and privacy”

  6. Setting aside the all-too-easy target of Android security flaws:

    If you’re an Android user I strongly suggest you go to your phone service provider and DEMAND AN ANDROID UPDATE!

    Being stuck at a version of Android riddled with security holes, when an actual update solving the problem is available (and there is!), constitutes business malfeasance. It’s another form of ‘Hate Thy Customer’, which is eternally unacceptable. The customer rules. Deal with it.

  7. As a Droid user, I feel you are being too hard on yourself! Apple’s iOS is simply the best all around operating system available to smart phones. I’d rather have a “walled garden” if it means I don’t get all of these malware attacks I’m sick of them! I am going to toss my Android turd of a phone soon and plan on buying what I should have got a couple of years ago. Android doesn’t beat your iPhone in any tangible way.. trust me! Droid (and all Android products) truly suck donkey wiener!

  8. I don’t know, I have the iPhone 4 and an HTC Inspire… I love my Inspire, I find Android 2.2 and 2.3 to be extremely well polished, and in many ways outdoes iOS. I switched to Android when I lost all my music, videos and apps, from a bad HD, and Apple would not let me redownload them again, since I already used my 1 time! I don’t have this issue with Android… I switched and I don’t think I’ll go back any time soon… but I use my iPhone as a cool iPod.

  9. Uh. You guys do realize your information is just as exposed on an iPhone? Like. If it’s not encrypted. It’s readable. And by readable I mean plain text, and by duh I mean DUH.
    This means you should use SSL. OR as I prefer
    DO NOT CONNECT TO FOREIGN UNTRUSTED NETWORKS TO TRANSMIT SENSITIVE DATA and no, Starbucks isn’t a trusted network!

    rtards

  10. You’re a few days late, and the inflammatory reporting, far beyond the scope of the actual issue, is hardly a surprise. For there to be ANY risk of data security being compromised takes a whole set of Doomsday Scenario circumstances – Google is pushing out the fix for Android users over the next few days, NOT requiring A2.3.4 – just a hotfix which I’m guessing will shorten the authToken lifespan or prevent autosync over open/unencrypted wifi or any number of solutions. Meanwhile, this “99%” headline, which isn’t even really relevant to the issue itself (it’s a statistic of how many iterations of Android phones already have 2.3.4, as though that is the only solution), which started with The Register, will continue to fly around for months. Haters Gonna Hate.
