Got an Android phone? Like to check your emails on the go? Like to make use of ubiquitous public Wi-Fi?
Well, you might want to put a stop to that, at least until you’ve got a phone that’s running the latest version of Android (2.3.4 Gingerbread).
A study by three German security researchers reveals that most Android phones aren’t quite as secure with login info as you’d perhaps like them to be. Authentication codes for apps such as Google Contacts and Google Calendar are sent between a phone and Google’s servers, often unencrypted and in a plain text format.
If these are sent over an open Wi-Fi network, anyone eavesdropping on the traffic could intercept and steal vital information, access your contacts library, phone numbers, your colleagues’ email addresses…
Stick to 3G and Wi-Fi in the home
However, this loophole can only be exploited if you’re connected to an open Wi-Fi point. So if you’re out and about and browsing on 3G, there’s no way anyone could intercept your information. Ditto if you’re connected to your wireless router at home, which (we hope) you’ve set up encryption on.
The bad news is that if you’re super security conscious and you don’t want to risk losing info to this loophole, we’d advise you to simply not make use of public Wi-Fi unless you’ve got the latest version of Android.
Also, as the report suggests, we’d recommend turning off Auto-sync in the background if you do connect to open Wi-Fi (go to Settings > Accounts & sync, uncheck the Auto-sync box).
No word on whether or not this version will be the 2.3.3 variant of Gingerbread that arrived on Nexus Ones and S’s earlier this year, or the newer, more secure 2.3.4.
We’d assume, given the delays involved with getting Gingerbread to Samsung’s phones, that it’ll be the latter. We’re looking into this now.