The news broke late last week that 99% of all Android smartphones suffer from a security problem that allows knowledgeable hackers to access private information used by certain online services.
The problem relates to the way in which Android transmits information to log into Google’s Calendar and Contacts services — something that happens constantly with an Android smartphone and the Google Accounts that all models are designed to integrate with. If exploited, the security hole allows a hacker to gain access to a user’s accounts any data they contain.
Fortunately, the problem was spotted by security researchers at Germany’s Ulm University rather than after an actual hack, but it still highlights how easy it is to overlook even very obvious security holes in complicated software. The fact that the Android operating system used by so many smartphones is overseen by Google only serves to hammer home this point.
The other bit of good news is that the security hole can only be exploited when a smartphone is connected to an unsecured wireless network than other people can freely connect to — such as a public hotspot in a café. Anyone using an Android smartphone at home on an encrypted Wi-Fi network, or with 3G when out and about, is immune to potential attack.
Google has already patched the security hole with an update to Android, but version 2.3.4 won’t be available to all Android smartphone users — it’s usually left to individual handset manufacturers to decide when to make updates available.
Google has, however, also updated its Calendar and Contacts applications to patch the hole too, so the problem should be resolved to all users. Any Android smartphone users who have recently connected to a Wi-Fi hotspot or other public Wi-Fi network would do well to change their Google Account password, though.