99.7% of Android settlers warned to avoid public WiFi networks over data breach threat

“Owners of Android smartphones are being warned to avoid public WiFi networks after researchers found a security flaw that could affect the vast majority of devices based on Google’s software,” Tim Bradshaw reports for The Financial Times.

“A trio of researchers at Ulm University in Germany found that it was ‘quite easy’ for hackers to intercept data from Google’s photo-sharing, calendar and contacts applications, as well as potentially other Google services such as Gmail, using a flaw that affects 99 per cent of all Android devices,” Bradshaw reports. “In March, Google was forced to remove more than 50 rogue applications, which could have stolen data or sent costly messages, from tens of thousands of Android devices.”

Bradshaw reports, “Google said of the flaw: ‘We’re aware of this issue, have already fixed it for calendar and contacts in the latest versions of Android, and we’re working on fixing it in Picasa.’ However, according to the researchers, the flaw still affects devices running older versions of Android, which make up 99.7 percent of Google smartphones in use today.”

Read more in the full article here.

MacDailyNews Take: Drip, drip, drip…

Related articles:
99% of Android phones leak secret account credentials, other sensitive data – May 17, 2011
Starbucks exec: Android apps often ‘watered down’ – May 16, 2011
Fragmandroid: Netflix app spotlights Android AppLag, fragmentation crisis – May 14, 2011
Intermedia: Business professionals overwhelmingly choose Apple iPhone, iPad over Android phones, tablets – May 12, 2011
Apple’s two-year-old iPhone 3GS still outselling AT&T’s latest Android phones – May 10, 2011
NPD: Apple iPhone 4 for Verizon best-selling mobile phone in U.S.; causes Android to lose share for first time since Q209 – April 28, 2011

46 Comments

  1. to bad for all those android users who own devices that can’t ever be upgraded to the newer more secure software which is about 99% of them. They’ll never learn though.

      1. Yes.
        But for all the others that can’t read.

        ••• 99% OF THE ANDROID PHONES WILL NEVER BE ABLE TO UPGRADE TO GET THE FIX. •••

        GOT IT NOW MACFRIEND ??

          1. That’s it! I’ve had enough with Android issues. Now planning on buying an iPhone and am ditching my Droid. It’s becoming very apparent to me that Google’s priority is to sell me to their advertisers.

          2. actually as pointed out below, and by others…

            your article, says the EXACT same thing that the MDN article from FT says…

            “Today we’re starting to roll out a fix which addresses a potential security flaw that could, under certain circumstances, allow a third party access to data available in Calendar and Contacts,”

            CALENDARS and CONTACTS are being fixed server side…. the REST have not been fixed. that requires the 2.3.4 update, which….. holy crap…… 99.7% do not have.

            i swear the android fanbois cant read.

            1. and if any android fanboi wanted to read further in that article…

              Other applications that use Google’s ClientLogin Protocol, including third-party Android apps as well as traditional desktop software like Mozilla’s Thunderbird email program, were also vulnerable, the researchers said.

              3rd party apps…….. yep, google issued a server side fix for 3rd party apps that connect to other servers not controlled by google…… oh wait… guess thats where the 99.7% comes in again.

        1. Huh, really. I updated my Android OS 2 weeks ago, and hey don’t let facts get in the way but I can do it tomorrow if I choose. Then I will change the battery, because I can.
          I can also hijack an iPhone and Blackberry on an unencrypted wi-fi, but don’t let facts get in the way of your argument.

  2. Problems with Hardware, Software & Security on Android? How much worse can it get.

    A business partner works in a Verizon only area (Near Providence, RI) and is using Droids and has gone onto his sixth replacement. This 6th unit has intermittent touch becoming inactive on the touch screen.

    He can barely wait until he gets the next generation iPhone out on Verizon so he can get away from all these problems.

  3. uh ha…uh ha…uh ha ha ha….u-ha ha ha ha…uh ha ha ha ha ha ha ha ha ha ha ha haaaaaaaaaaaaaaaaaaaaaaaaaaaa………….woooooooooooooo!………………bastards.

    1. actually if you were smart enough, you would have noticed that the FT article…. says the EXACT same thing as your link. and posted 1 hour after that article you link.

      calendar and contacts are being fixed server side, they are STILL working on the rest.
      so this FT article stands.

  4. We, the Android users, don’t mind if Google sell us to ad agency, or expose our personal information to anyone as long as it is “open” and “be evil.” It is better than you, the sleep of Mapple.

      1. He’s trying to be clever by making an indirect reference to a Simpson’s episode that pokes fun at Apple when they visit the ‘Mapple Store’ in Springfield. But he’s being stupid by not understanding what being open & being screwed in his ass means.

  5. Steve Jobs said stealing is bad karma & we all know karma’s a bitch.
    Google is going to find out how expensive free SW can be when they see the end of the patent infringement cases ongoing and to come.
    I’d bet a nice cold beer of choice that before it is over, Apple will sue Google over Android- and win. Larry Ellison is but the first of many & he wants a chunk of their backside if he gets nothing else for Christmas.

    1. You actually think Google is going to lose the case? The patent infringement case is on code mostly written by Linus Torvalds, and even he says its all bullshit. And Apple certainly has nothing to sue them for. Apple sometimes does things well, but since the first Mac they haven’t done anything new.

      1. It sometimes takes Apple forever to come out with a fix for iMac or iOS devices… a classic example is when iPhone 3G was updated to iOS 4.x and users reported that it was extremely SLOOOOOWWWW – like a turtle… After a few months Apple decided to say screw it and let’s not support it… Even the engineers at Apple gave up! Love it! 🙂

        I love Apple fragmentation! It’s karma and it’s a wonderful thing! 🙂

        1. the slowness was not everyone. i didnt have it, my mother did.
          and there were ways to cure it, and reproduce it.
          those that were affected, could have cured it themselves. instead they waited for apple to fix it.
          i fixed my mothers iPhone 3g running slow.

          they didnt give up.. iPhone 3G’s STILL run iOS 4.0. just not everything. they didnt take any features away either.
          I still have both of those 3G’s. used as iPod’s and they do NOT run slow..

    1. “Bradshaw reports, “Google said of the flaw: ‘WE’RE AWARE OF THIS ISSUE, HAVE ALREADY FIXED IT FOR CALENDAR AND CONTACTS IN THE LATEST VERSIONS OF ANDROID, AND WE’RE WORKING ON FIXING IT IN PICASA.’ However, according to the researchers, the flaw still affects devices running older versions of Android, which make up 99.7 percent of Google smartphones in use today.”

      oh i dont know… i think i can read the last paragraph MDN posted…

      or did you want MDN to side with google so you could feel better? MDN posted the story correctly, YOU failed to read properly and jumped to a conclusion.

      and this isn’t the first time google has had security problems, they are just a tad slow on fixing stuff. with all the location collection and selling your info to advertisers they forget about “security and privacy”

Leave a Reply to Marco Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.