99.7% of Android phones leak user account credentials

By Matthew · 25 replies
May 17, 2011
  1. According to a report by German researchers, some 99.7% of Android devices in circulation are vulnerable to an attack that could compromise sensitive data transmitted over a wireless network connection.…

  2. MrAnderson

    MrAnderson TS Maniac Posts: 488   +10

    There is no perfect fix... this is no better than a person downloading an app with a key logger.

    The truth is that sooner or later... the development API will have to allow users to be prompted, control what aspects of the information stored on the device can be touched by an application. If users stick to app stores that are managed by big enough or trusted sources it should at least mitigate most of the fuss.

    Wireless devices and our data always hovering over the ether is scary enough!
  3. ramonsterns

    ramonsterns TS Enthusiast Posts: 744   +12

    Crap, so this is how they used my email account to spam.

    I noticed today that I had apparently sent emails with links to "medicine" sites, when I had not done such a thing. My only culprits were my College and my own Computer, but now it seems my phone is to blame.
  4. nismo91

    nismo91 TS Evangelist Posts: 930   +31

    I'd like to know what the 0.3% devices are
  5. I think one of the 0.3% phones include the simplest Tin Can Phone...
  6. Flannelwarrior

    Flannelwarrior TS Rookie Posts: 131

    Has this hole been exploited yet?
  7. PinothyJ

    PinothyJ TS Guru Posts: 460   +22

    Google in trouble with privacy, again?

    I would never have guessed…
  8. BrianUMR

    BrianUMR TS Rookie Posts: 44

    The 0.3 % are the phones with Gingerbread on them. Which is like the Google Nexus S. It is pretty much saying Gingerbread is only on 0.3% of phones.
  9. gwailo247

    gwailo247 TechSpot Chancellor Posts: 2,010   +18

    So what you're saying is this is a virus released by Samsung to boost sales? =)

    This is really going to force phone companies to have to start taking some stances as far as OS updates are concerned. You can't let the manufacturers drag their feet. Now phone companies are going to need to start taking some responsibility in allowing their customers to have their phones upgraded to the latest version. You can't have the average customer rooting their phone or doing some other crazy nonsense. This is a critical system patch that needs to be applied pronto.

    This year is turning out to be a very interesting one in this particular sector.
  10. yRaz

    yRaz Nigerian Prince Posts: 2,311   +1,404

    I'm happy I have a windows phone
  11. Archean

    Archean TechSpot Paladin Posts: 5,690   +96

    I am not because I am still stuck with SGS running Froyo. Although I never use any open/public wifi spot. Funny thing is almost every android application wants to have some sort of privilege access; which is not only dangerous but reckless on the part of Google + developers. Oh and Matthew, I beat you to it :p
  12. BrianUMR

    BrianUMR TS Rookie Posts: 44

    Yeah I don't really get why so many applications need so many different privileges. I can find games that pretty much do the same thing and some need next to nothing and other want everything.
  13. Arris

    Arris TS Evangelist Posts: 4,730   +379

    Since Android doesn't give users root access as default, the privilege access most apps ask for can only be of a high level type. Most of it is "can Iz access the interwebz?" since people won't want unnecessary data charges from some game they've downloaded downloading additional resources over their 3G connection. I don't think this is particularly reckless of Google. What might be reckless is the level of checking of apps submitted to the Android Market; anything related to user authentication should never be over HTTP. This is where the problem could lie, not the privilege access apps ask for, at least in my opinion.

    *hugs his DHD running 2.3.3 Gingerbread*
  14. Archean

    Archean TechSpot Paladin Posts: 5,690   +96

    Fair enough, but recklessness it is as what I was also inferring that why on earth a game would want to have access to your contacts? or logs? In addition to that remember all those malware carrying apps in the market?

    Oh by the way I recommended DHD to a friend who was hell bent on buying an android cell, and guess what, after 2 weeks he returned it :confused:
  15. Thanks God.. I am GingerBread
  16. Your title is misleading. In order the user has to download the application first. Of the percentages of people who download apps on the market, your small percent (probably less than 1%) are at risk. This proves your title is incorrect.

    WTH Techspot, come on!!

  17. So what he is saying is that if someone has access to your cookies then he can access your stuff, and one can sniff it while it's going through the network. Well in that case 100% iPhone and 100% of Windows have this issue. I want to know which 0.3% of android phones don't have this issue, I am sure there are none.
  18. princeton

    princeton TS Addict Posts: 1,676

    It was fixed in 2.3.4. Nice try but you're still vulnerable.

    2.3.4 Nexus S master race here.
  19. PanicX

    PanicX TechSpot Ambassador Posts: 669

    Am I the only one seeing this as not an Android problem but an application developer one? I suppose Google can require all authTokens use SSL, but that's still not going to stop a badly developed application from broadcasting your password. I'd hate to think that you'd need to wireshark your phone after every app you install, but if you're really serious about these types of flaws, you'd at least want to read reviews of apps that include this type of checking first. And if you've rooted or jailbroken your phones, then it's 100% your responsibility and not the manufacturers'.
  20. I heard the security flaw only happens when you don't hold the phone correctly while connecting to wi-fi.
  21. princeton

    princeton TS Addict Posts: 1,676

    This is a joke right? Please be a joke.
  22. The same thing happened to me 2 days ago, but on my iPhone. Those went out from my hotmail account that I am running on the phone. I'll never join an unsecured wireless node ever again. Had to have Microsoft wipe my account.
  23. When you get a new android phone, look at the application section and uninstall all apps that require more permissions than: local storage, geo location, internet access, get phone state. Do this and you have no worries. When installing apps always check permissions such as Twitter app requires your first unborn child access while TweetCaster app does the same thing with only storage, internet and gps (for char near by) access. Don't just blindly install apps, look at the permissions it requires and you will be surprised how you can find many alternatives to the same app which require far less access. At the end of the day I will always choose android over iPhone mainly because droid is openMarket which gives power to people not the companies and their rules and their fat wallet. -- Saimon Lovell
  24. Arris

    Arris TS Evangelist Posts: 4,730   +379

    No :)
  25. Arris

    Arris TS Evangelist Posts: 4,730   +379

    Gah :(
