Now it’s androids turn for a kicking
May 18, 2011
Posted by on
It was reported yesterday the BBC news reported that there are a lot of mobile Phones running the Android mobile operating system are potentially leaking data. Once again this puts mobile OS developers squarely in the limelight; it was only a matter of weeks ago that Apple was grilled over Locationgate. Like with the Apple location data issue this discovery was made by researchers looking into Android and how handles identification information.
The researchers at the University of Ulm were exploring how Android phones handle login credentials for web-based services. What they found was that many applications installed on Android phones interact with Google services by asking for an authentication token – essentially a digital ID card for that app. Once issued the token removes the need to keep logging in to a service for a given length of time. More of an ID attack than just plain data theft, Web-based services such as Calendar, contact information and private web Albums are exposed to this risk. In itself this doesn’t look to be too severe but there are opportunities for information to be altered to go to an alternate email address and a competitor may receive information intended for the phone owner for example. IT also appears that these tokens are not locked to the phone so once obtained, could be available on any equivalent device
Sometimes, the study says, these tokens are sent in plain text over wireless networks. This makes the tokens easy to spot so criminals eavesdropping on the wi-fi traffic would be able to find and steal them, suggest the researchers.
The problem seems to have been resolved as of the current version released for Android; version 2.3.4 but it is estimated that only about 0.3% of all android phones are running this versions. The team is urging Android owners to upgrade their phones to the latest OS but if you are an Android owner you will already be aware how reluctant some hardware providers and carriers are to provide the OTA updates or downloads for the phone.