Android security flaw to be patched soon

so if you're on a device that's no longer being supported/updated (like the htc magic that was dropped a year after being released), what are your options?
 
so if you're on a device that's no longer being supported/updated (like the htc magic that was dropped a year after being released), what are your options?

The fix is going out server side – meaning local authTokens will be erased and replaced with new (secure) ones upon logging back in to the affected service.

See: http://www.intomobile.com/2011/05/18/google-rolling-out-fix-android-security-issue/

Google’s official statement:

Today we’re starting to roll out a fix which addresses a potential security flaw that could, under certain circumstances, allow a third-party access to data available in calendar and contacts. This fix requires no action from users and will roll out globally over the next few days.
 
Someone random & very determined might(big might) see my(out of millions) random contacts and calendar u say? pffffft SO???
 
Last edited:
Thank goodness this wasn't a Microsoft flaw - the whole world would be flaming away right now, saying what a crappy company/system/software it was.
 
Thank goodness this wasn't a Microsoft flaw - the whole world would be flaming away right now, saying what a crappy company/system/software it was.

Only because Microsoft would take more than 2 days to fix it.

But honestly I am glad this one was an easy fix. If it wasn't the pure fragmentation of the Eco system would mean that it could take up to 18 months for most phones to be fixed. This is still a concern for me.
 
The fix is going out server side – meaning local authTokens will be erased and replaced with new (secure) ones upon logging back in to the affected service.

See: http://www.intomobile.com/2011/05/18/google-rolling-out-fix-android-security-issue/

Yep, I was also concerned that older, unsupported devices would be left in the lurch, but it seems the problem can be fixed without a client update.

AndroidPolice originally postulated that Google would send out a silent Market update like during the DroidDream/Android Market Security Tool March 2011 saga. (http://www.androidpolice.com/2011/0...security-tool-march-2011-apk-floating-around/)

So apparently it is possible for Google to push certain types of updates to all devices automatically.

Not sure how I feel about that just yet - it's something that seems to really help the average tech-unsavvy user, but it's also something that seems like it can be exploited.
 
This fix exposes Google's ability to do "stuff" on their network of roaming bots (apply called Android) ... without user permission or knowledge if needed.
 
This fix exposes Google's ability to do "stuff" on their network of roaming bots (apply called Android) ... without user permission or knowledge if needed.

Dude give it a rest already, iOS is just a guilty or even worse it doesn't have an opt out option. :)
 
Last edited:
Thank goodness this wasn't a Microsoft flaw - the whole world would be flaming away right now, saying what a crappy company/system/software it was.

It's a server side fix.

If it was Microsoft we would have to wait until the next "Patch Tuesday" :-)
 
Dude, Apple/iOS is not connected to the world's biggest information whorehouse.

Ok let me do this:

iOS is just as linked into Google as Android is with maps and search even more so, you can not remove Google Maps and have no option to opt out of any data-gathering, or do you have to actual source code and know its clean?

Android source code is freely available and looked at by millions of programers world wide, they cant hide data-gathering in the OS unlike iOS. With an Android phone you click one option and it stops sending the location data. With iOS you just have to take Steve's word that the data the phone send twice a day is anonymous, and past track record shows me his word is not worth much

I can side-load applications so there is no track of what applications I installed or that surf porn and all, hell I can even block any and all communication to any Google server just by replacing my host file. Sure they can still get your search results if you use the default browser but we can replace that in fact I run Firefox, as for maps I can replace that as well.

Besides if you so paranoid about data-gathering you should not own a cellphone at all, oh and stop using Facebook, Twitter, Google search on your PC while you at it, actually stop using the net because even your service provider is gathering books on you from what towers you use to what websites you visit.


Just for you here is the screenshot of the opt out section:
http://mybroadband.co.za/vb/attachment.php?attachmentid=9556&d=1305824019
 
Last edited:
This fix exposes Google's ability to do "stuff" on their network of roaming bots (apply called Android) ... without user permission or knowledge if needed.

Not this fix, but I'd say the previous DroidDream fix does.

Though this is true for many connected consumer electronics builders (and even software developers) today. It's a way for the manufacturers to fix critical problems as they crop up but it's also a backdoor that seems to let them do whatever they want.
 
Elimentals, you may know how to anonomise your device and that it is wise to do as far as possible, but by far the majority of people out there have no clue about these things. Yes, it is impossible to stay off the grid/net and not be tracked in some way, but we need to know what we are doing (giving away). This "opting out" way of doing things is already saying something. Why not "opt in" after a proper explanation? Opting out is often hidden and not obvious to the average user. Doing it this wrong way around is abusive and arrogant. Most people don't understand what is at stake.

I'm a technology/gadget freak like most here, but I do see the dangers of riding this tiger (getting off becoming less and less possible). I do have strong reservations about Google. Whoever controls Google and Facebook has much power. And we know that Google is working very closely with the NSA already (combine those two systems and a beast arises). This beast may be my friend today, but who's to guarantee me that it will be so tomorrow?
 
See: Lawmakers question smartphone security

A large % of Facebook subscribers are kids who lie about their age to gain access (should be called Fakebook). Kinds want to be on and will make a plan to be on despite efforts to prevent this. A very smart person will have to come up with a way for kids to be legally on Facebook without the dangers because to enforce laws to keep kids off will not work.
 
A note to Facebook: The profile photo is in most cases an easy give-away of under-age use ... check it out, you'll see (if you really care about enforcing this, which I doubt).
 
I wonder if the US lawmakers care so much about the privacy of those outside the US as they do for US citizens? It is in the US's interests to know as much about non-US citizens as possible and Google and Facebook are very convenient tools in this regard, especially when you hook these systems up with the NSA (Echelon, etc) ... not so? Interesting how the algorithms are going to be applied to stay within the law with one group but make others as transparent as possible. The key to effective anti-US operations is US citizenship.
 
Last edited:
This "opting out" way of doing things is already saying something. Why not "opt in" after a proper explanation? Opting out is often hidden and not obvious to the average user. Doing it this wrong way around is abusive and arrogant. Most people don't understand what is at stake.

It is not an "Opt Out" situation, or not completely. When you setup your phone that screen is one of the setup steps. Granted, the options are selected, but it's the same as setting up anything on your pc with a toolbar. Usually if you just click next all the way through you will end up with a lot of toolbars. But if you actually pay attention to what you are doing then you will make sure to untick all that crap. Fools deserve what they get. People who don't pay attention deserve what they get.
 
Top
Sign up to the MyBroadband newsletter
X