Saturday, June 11, 2011

99.7 Percent of Android Devices 'Leaking' Data

German researchers have discovered a loophole in Android devices the could potentially leak data if the devices are used over an open Wi-Fi network. According to, authentication codes for Web-based services, like Google Contacts and Google Calendar, are often sent between a phone and Google’s servers unencrypted and in a plain-text format. This means that anyone eavesdropping on the traffic could access information such as a user's contacts library, phone numbers and email addresses.

In a blog post, the researchers say:
Beyond the mere stealing of such information, an adversary could perform subtle changes without the user noticing. For example, an adversary could change the stored email address of the victim's boss or business partners hoping to receive sensitive or confidential material pertaining to their business.

The loophole affects more than 99 percent of Android phones, notes BBC News. However, researchers are not suggesting that attacks are actively exploiting the loophole. Google has not commented on the researchers' discovery. (more)