Ramblings of this guy you know!

Tech Stuff and random observations on life as I see it….

Now it’s androids turn for a kicking

It was reported yesterday the BBC newsAndroid Icon reported that there are a lot of mobile Phones running the Android mobile operating system are potentially leaking data. Once again this puts mobile OS developers squarely in the limelight; it was only a matter of weeks ago that Apple was grilled over Locationgate. Like with the Apple location data issue this discovery was made by researchers looking into Android and how handles identification information.

The researchers at the University of Ulm were exploring how Android phones handle login credentials for web-based services. What they found was that many applications installed on Android phones interact with Google services by asking for an authentication token – essentially a digital ID card for that app. Once issued the token removes the need to keep logging in to a service for a given length of time. More of an ID attack than just plain data theft, Web-based services such as Calendar, contact information and private web Albums are exposed to this risk. In itself this doesn’t look to be too severe but there are opportunities for information to be altered to go to an alternate email address and a competitor may receive information intended for the phone owner for example. IT also appears that these tokens are not locked to the phone so once obtained, could be available on any equivalent device

Sometimes, the study says, these tokens are sent in plain text over wireless networks. This makes the tokens easy to spot so criminals eavesdropping on the wi-fi traffic would be able to find and steal them, suggest the researchers.

The problem seems to have been resolved as of the current version released for Android; version 2.3.4 but it is estimated that only about 0.3% of all android phones are running this versions. The team is urging Android owners to upgrade their phones to the latest OS but if you are an Android owner you will already be aware how reluctant some hardware providers and carriers are to provide the OTA updates or downloads for the phone.


2 responses to “Now it’s androids turn for a kicking

  1. Pingback: Google fixes Android leak « Ramblings of this guy you know!

  2. Pingback: Recent Tech articles – 13th-22nd May 2011 « Ramblings of this guy you know!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: