1. Are you ready for the Galaxy S20? Here is everything we know so far!

Android handsets 'leak' personal data

Discussion in 'Android Lounge' started by Vorbis, May 17, 2011.

  1. Vorbis

    Vorbis Well-Known Member
    Thread Starter



    AndroidSPCS likes this.

    1. Download the Forums for Android™ app!


      Download

       
  2. Joe Dirt

    Joe Dirt Android Enthusiast

    It was fixed on 2.3.4. I'm covered.
     
  3. AndroidSPCS

    AndroidSPCS Android Expert

    Thanks for the link. It is unacceptable to have security flaws like this that put people at risk. Google needs to fix it in all versions of Android.
     
  4. .Johnathan

    .Johnathan Newbie

    You're covered and that's good for you but what about everyone else/ Google needs to fix this NOW!
     
  5. sonofaresiii

    sonofaresiii Android Enthusiast

    We all realize this isn't an account of someone just getting online and hacking your phone, right? I could be wrong, but they need to hack your wifi first. Not that that makes it okay, but the danger is SIGNIFICANTLY smaller if you consider that someone has to connect to your wifi while you're on it to get any of this information. It's not like this information is available to anyone who wants it.
     
  6. krouget

    krouget Android Enthusiast

    Google did 'fix' it in their latest update (with the exception of the Gallery, since it's handled by cooliris).

    The problem is Android fragmentation, and "everyone else" running older versions of Android. If there were ever an argument to address the fragmentation issue, this is it...in which case, it involves more than just Google.
     
  7. Guamguy

    Guamguy Android Expert

    In order for this to happen, you have to be spoofed into using a public hotspot that's made by the hacker's. Kind of like a hotspot that is pretending it is Starbuck's but its not actually.

    If you think about it, the chances of this happening is small. Not unless you want to connect to any public hotspot in the street or in the mall. Or like your phone's wifi is set always on On all the time and you get entries for "linksys" and "netgear" which will link to any "linksys" or "netgear" that is open and has no authorized password.

    Why it does not happen --- but you need to be very prudent just in case:

    1. You need to manually accept a wifi connection
    2. Most public wifi hotspots are passworded themselves. In other words, they are more scared of people like you,.
    3. You need to go around with your phone's wifi set on on. But most Android users are consciously trying to save battery as much as they can, it's set off.
    4. This won't happen if your phone is always set only for EDGE, 3G, H, or 4G for internet connection.

    Anyway, its always a prudent idea to be careful of sharing not just your phone, but even your laptop on a public wifi area. If you are in a public wifi, you can also close background updates and auto-sync, so only your foreground app is allowed to transmit.
     
  8. dylo22

    dylo22 Android Enthusiast

    That's not entirely true. An attacker doesn't have to create a hotspot for this to work. It can pretend to be the gateway by doing ARP spoofing/poisoning. Since by design ARP does not have any authentication, any host within the same subnet can respond to an ARP request pretending to be the router. This is the same way how many man in middle attacks operates.

    I do agree though that chances of this happening is low. However, the possibility is there and we should be careful. Really the best way to prevent this is not to use public wifis.
     
  9. ardchoille

    ardchoille Android Expert

  10. Guamguy

    Guamguy Android Expert

    Fixed by a server side patch and an invisible "update" pushed to the phones.
     
  11. ShadowUlcer

    ShadowUlcer Newbie

    The way they fix these things is THROUGH updates...you need to update to get the patch.
     
  12. zuben el genub

    zuben el genub Extreme Android User

    So how do you know if it got pushed or not?
     
  13. Guamguy

    Guamguy Android Expert

    You don't. It looks to me that the article I'm reading this from didn't seem to get it right though. The fix appears to be entirely on the back end on the server side.
     
  14. Enraged21

    Enraged21 Well-Known Member

    what if im on evervolv rom? Its android 2.3.3. Does that make me still vulnerable? Not that im worried
     
Loading...
Similar Threads - Android handsets 'leak'
  1. pro100umarchik
    Replies:
    4
    Views:
    338
  2. cocotus
    Replies:
    2
    Views:
    575
  3. Leodev
    Replies:
    1
    Views:
    502
  4. Dw1892
    Replies:
    2
    Views:
    509
  5. The_Chief
    Replies:
    4
    Views:
    448
  6. 20GT
    Replies:
    7
    Views:
    590
  7. Joshua Jackson
    Replies:
    2
    Views:
    490
  8. Veez999
    Replies:
    6
    Views:
    894
  9. Wookbert
    Replies:
    2
    Views:
    803
  10. Mr Padh
    Replies:
    4
    Views:
    541

Share This Page

Loading...