User data and privacy is once again in the headlines, today it’s Googles Android operating system under the spotlight after their various apps on the Android Marketthieve potential access to sensitive user information.
Disturbingly 99% of Android owners could have been affected by accessing the internet over an insecure network, the flaw was worked into various apps which required users to connect to the internet.
Basically Android device calendars and contacts were set up to communicate over unencrypted HTTP, then buzz information to Google to receive a authentication from Google. Because the connection was unencrypted hackers were able to see this information over unsecured public wifi. This would allow them to gather user information from calendars, contacts and picasa photo apps.
This flaw was initially uncovered by computer world, they also explain that phones running Android 2.3.4 won’t have to worry about this security risk, unfortunately this only accounts for 1% of all Android users.
An official statement from Google explained their swift reaction to the problem, “Today we’re starting to roll out a fix which addresses a potential security flaw that could, under certain circumstances, allow a third party access to data available in Calendar and Contacts,” it continued “This fix requires no action from users and will roll out globally over the next few days.”