Google fixing Android security flaw


Google is rolling out a fix for a security problem that affected over 90 percent of Android phones. (David Paul Morris/BLOOMBERG)

Last Friday, German researchers from Ulm University found a flaw in the Android platform for versions 2.3.3 and earlier that made it possible for a hacker to access and edit a user’s Google contacts and calendar on open WiFi networks.

About 99.7 percent of Android users were still running earlier versions of the platform, the researchers said.

For users running these earlier versions, the services use an unencrypted http connection to request an authentication token from Google. In later versions of Android, the services use a secure https connection to request an authentication token from Google.

The company issued a statement Wednesday saying, "Today we're starting to roll out a fix which addresses a potential security flaw that could, under certain circumstances, allow a third party access to data available in calendar and contacts. This fix requires no action from users and will roll out globally over the next few days."

Researchers also found that synchronization with Picasa, Google’s photo album service, is not encrypted. Google is still investigating this issue.

Related stories:

Skype fixes Android security problem, adds 3G calling

Apple, Google answer mobile privacy questions

Google I/O: Android 3.1, Ice Cream Sandwich, Music Beta

Hayley Tsukayama covers consumer technology for The Washington Post.
Comments
Show Comments
Most Read

business

technology

Success! Check your inbox for details.

See all newsletters