Google Acknowledges Android Security Issue, Promises Fix


Google acknowledged the Android security issue recently discovered by German researchers from Germany’s University of Ulm.   The researchers claim that sensitive data stored on Google’s servers which are used to access calendars, contacts, and other services can be stolen from Android devices.

The vulnerability results from an improper implementation of an authentication protocol.  Currently, an authentication token can be used for up to 14 days in any subsequent requests on Google’s services, an opening that gives malicious attackers access to an Android account.  The attacks are possible when the devices are using unsecured networks, such as Wi-Fi hotspots.

The issue had already been fixed in the most recent Gingerbread release but 99% of Android phones still run lower versions.

Google has now started to roll out a server-side patch to address the issue for all versions of Android.  Google released this statement:

Today we’re starting to roll out a fix which addresses a potential security flaw that could, under certain circumstances, allow a third party access to data available in calendar and contacts. This fix requires no action from users and will roll out globally over the next few days.

Google takes care of everything, so no action is required from the users. However, the patch only solves the issue on authentication tokens for Google Calendar and Google Contacts.  Google has yet to resolve the issue with Picasa.

via is one of the most active tech sites in the Philippines. We enjoy sharing interesting and relevant stories about the latest trends in technology, developments in mobile phones and social media, and modern digital and geek culture.

Write A Comment