Google fixes Android Wi-Fi security hole

Now Android will force secure connections to calendar and contacts servers for all Android users to prevent someone from snooping on data.

Google has plugged an Android hole that could have allowed someone to snoop on an unencrypted Wi-Fi network and access calendar and contact data on the smartphones.

"Today we're starting to roll out a fix which addresses a potential security flaw that could, under certain circumstances, allow a third-party access to data available in Calendar and Contacts," a Google spokesman said in a statement. "This fix requires no action from users and will roll out globally over the next few days."

Basically, the fix forces all Android devices to connect to Google Calendar and Contacts servers over https (Hyper Text Transfer Protocol Secure) so that someone snooping on an unprotected wireless network won't be able to grab authentication tokens used by the operating system to validate devices. Android customers will not have to do anything for the fix, which could take a couple of days to roll out to everyone.

The latest release of Android, 2.3.4 for smartphones and 3.0 for tablets, did not have the issue. But the fact that more than 99 percent of Android device owners are still using older versions was likely a factor in Google's decision to expedite a fix.

Meanwhile, Google is still looking into the whether the problem affects Picasa Web Albums, too, as was claimed in a report on the security issue by German researchers released on Friday.

 

Join the discussion

Conversation powered by Livefyre

Don't Miss
Hot Products
Trending on CNET

HOT ON CNET

Last-minute back-to-school shopping?

Whether you're looking for headphones to study with or music-streaming gear, CNET rounds up a shopping guide just for you.