Android security fears prompt back-end fix from Google

Google issues several statements about the recent Android data leak scares, advising users to hold tight while a security patch is rolled out globally.

Andy Merrett
Andy Merrett has been using mobile phones since the days when they only made voice calls. Since then he has worked his way through a huge number of Nokia, Motorola and Sony Ericsson models. Andy is a freelance writer and is not an employee of CNET.
Andy Merrett
2 min read

Google has stepped up its response to recent worries over Android data leaks, implementing a back-end fix that means the majority of Android smart phone users still using versions 2.3.3 and older won't have to wait for an update.

Yesterday's initial statement from Google acknowledged the issue, stating that it was "aware of the problem" and had "already fixed it for calendar and contacts" in the latest 2.3.4 software.

A subsequent statement confirmed it was dealing with the flaws the original researchers had discovered: "Today we're starting to roll out a fix which addresses a potential security flaw that could, under certain circumstances, allow a third party access to data available in calendar and contacts. This fix requires no action from users and will roll out globally over the next few days."

Reading around the subject further suggests the fix must be implemented on Google's servers rather than on individual handsets. That should mean users won't have to wait for their networks to push out an update in order to secure their phones. Unfortunately, what isn't immediately clear is how a phone user will know when their handset is safer to use.

We spoke to a couple of the UK networks about the issue. They seemed happy to toe Google's party line, stating they wouldn't be giving specific advice to customers using Android phones. This would make sense if the problem is solved entirely by Google, though we got the impression the networks spokespeople weren't wholly clued up on the security issues involved.

While the risk of data theft is low, it looks as if Google's developers left some gaping security holes. It's worrying that only in version 2.3.4 were these issues substantially addressed.

Having nearly forgotten about the Street View data-collection debacle and Big Brother-like location tracking issues, now we have to question Google all over again. It would be unfair to single out Google for sloppy systems, with Apple and Sony suffering similar (and worse) failures in the last month.

It's not the first time Android security has been called into question, however, and it certainly won't be the last. With the deluge of Android phones coming on to the market and predictions of huge market share growth, Google needs to stay one step ahead of hackers. The Ice Cream Sandwich overhaul expected towards the end of the year should help matters, but users need to know their data is safe now.

Check out our guide for handy hints on keeping your Android mobile data safe when out and about.