Android phone can leak user's information
By siliconindia   |   Thursday, 19 May 2011, 19:36 IST
Printer Print Email Email
Bangalore: German researchers have reported that Android devices running on 2.3.3 or older versions are vulnerable to attacks that transfer data or allow the criminals to transmit information. The study says that the Android devices are prone to data theft, especially of the username and passwords of Google services. It is found that the Android devices are not secure on open Wi-Fi networks. As the 2.3.3 version is present on most of the Android devices, it makes most of users' vulnerable to data theft. Google apps are not the only entity that is facing the threat; other applications which do not use a ClientLogin protocol are also causing a worry for the users. The Google Calendar apps were prone to interception by unauthorized people who could easily impersonate others and misuse the data. The Google service that asks for authentication token at the time of login is known as authToken. Many applications installed in Android phones ask for the authToken. And time of login, the authentication token remains valid for 15 days and can be used again on Google Calendar, which does not use https. As Google takes 15 days times for the authentication, hackers get enough time to track the information of the users. So Google will improve its security by shortening the length of time authTokens are valid and rejecting ClientLogin requests from insecure http connections. If it can reduce the time of the authentication it can reduce the risk for the users. The researchers said that they have fixed the problem in the 2.3.4 version of Android, but according to Google only 0.3 percent of Android phones are running this software. Google has advised their users to use the updated version to get rid of the vulnerability.