Google fixes Android Wi-Fi security hole

Now Android will force secure connections to calendar and contacts servers for all Android users to prevent someone from snooping on data.

Google has plugged an Android hole that could have allowed someone to snoop on an unencrypted Wi-Fi network and access calendar and contact data on the smartphones.

"Today we're starting to roll out a fix which addresses a potential security flaw that could, under certain circumstances, allow a third-party access to data available in Calendar and Contacts," a Google spokesman said in a statement. "This fix requires no action from users and will roll out globally over the next few days."

Basically, the fix forces all Android devices to connect to Google Calendar and Contacts servers over https (Hyper Text Transfer Protocol Secure) so that someone snooping on an unprotected wireless network won't be able to grab authentication tokens used by the operating system to validate devices. Android customers will not have to do anything for the fix, which could take a couple of days to roll out to everyone.

The latest release of Android, 2.3.4 for smartphones and 3.0 for tablets, did not have the issue. But the fact that more than 99 percent of Android device owners are still using older versions was likely a factor in Google's decision to expedite a fix.

Meanwhile, Google is still looking into the whether the problem affects Picasa Web Albums, too, as was claimed in a report on the security issue by German researchers released on Friday.


Join the discussion

Conversation powered by Livefyre

Don't Miss
Hot Products
Trending on CNET


How well do you know your surge protector?

Whether you're looking to add more outlets, or want to add a layer of protection between your gear and the outside world, here's what you need to know.