Swiped Tokens Expose Android Devices To Data Theft

tsamsoniw writes "Researchers at the University of Ulm have found that eavesdroppers can intercept and use authentication tokens sent between Android apps and Google services via unsecured Wi-Fi. Those tokens, which aren't tied to specific devices or sessions, can be used to peek at and tweak a user's email, contacts, and calendar. Devices running Android 2.3.3 or earlier (which accounts for the vast majority of phones) are most vulnerable, but there are steps devs, Google, and users can take to reduce the risks."

Re:Cloud and Google

[clang_jangle]

android is 'all over the place'. its a dogs breakfast. (that's not a good thing, btw).

I'm with you, it's dreadful. My friend has a verizon Droid which has made random calls and sent random texts since new. It flat-out astonishes me that people not only put up with shenanigans like that, but they will aggressively try to shout down anyone who mentions it. When it comes to Android, the emperor simply has no clothes. Of course, the same thing has been true of microsoft's offerings since the beginning. Doesn't seem to hurt adoption, so long as the marketing hits the right spot. But I strongly prefer competent systems.

Re:Cloud and Google

[clang_jangle]

Or you could unjustifiably assuming things. I've been in the room when her Droid was on the table with no-one anywhere near it and it called me. :P