Google issues patch to plug Android data leaks

The fix should keep contact and calendar data safe if you're on an open Wi-Fi network.

Google's putting a quick patch on an Android security flaw that could leak contacts and calendar data through open Wi-Fi networks.

The patch will roll out to Android phones starting Wednesday. "Today we're starting to roll out a fix which addresses a potential security flaw that could, under certain circumstances, allow a third party access to data available in calendar and contacts. This fix requires no action from users and will roll out globally over the next few days," Google said in a statement.

Researchers at Ulm University's Institute of Media Forensics reported the flaw last week, and the tech press took notice on Monday and Tuesday. The issue lies in the way Android handles authentication tokens. If sent over an insecure http connection, a hacker on the same Wi-Fi network as the user could conceivably steal the authentication and gain access to the user's calendar, contacts and Picasa Web albums. Although the issue of contact and calendar leakage was already fixed in Android 2.3.4, the vast majority of Android phones run older versions of the software.

The odds of being attacked are unlikely, but it's not the type of issue Google would want to ignore. The patch only addresses calendar and contact data; Google is still trying to figure out how to address the issue within Picasa.

It's interesting to note that Google was able to patch the problem quickly on old versions of the Android software. Fragmentation may be an issue for app compatibility or getting the latest Android features, but at least it didn't stop Google from pushing out a fix to a security problem.

Follow Jared on Facebook and Twitter for even more tech news and commentary.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags securitymobile securityGoogleAndroidPhonesconsumer electronicswireless security

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jared Newman

PC World (US online)
Show Comments

Cool Tech

Breitling Superocean Heritage Chronographe 44

Learn more >

SanDisk MicroSDXC™ for Nintendo® Switch™

Learn more >

Toys for Boys

Family Friendly

Panasonic 4K UHD Blu-Ray Player and Full HD Recorder with Netflix - UBT1GL-K

Learn more >

Stocking Stuffer

Razer DeathAdder Expert Ergonomic Gaming Mouse

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?