Google Storing WLAN Passwords In the Clear
First time accepted submitter husemann writes "Micah Lee from the EFF filed a bug report about Google storing all your WLAN passwords on their application settings backup service without allowing you to encrypt them. So far it's not known whether the passwords are stored encrypted at rest, but just the fact that Google can read them (and disclose them if forced by 'law') is a bit surprising, to put it nicely. Already one German university is concerned enough about this 'feature' that they issued a warning to their users."
I think this is a perfect example again that we put too much trust in Google. They have repeatedly broken that trust and yet some people continue to trust them. This data also goes directly to the NSA and FBI. I think both the FCC and the European Commission should hit them hard, up to jailing the top executives.
I turned off Backup on Android after discovering this. They're going to have to store them in the clear (or I guess reversible), so that the "backup" is reversible - i.e. you recover your backup or add a new phone to your account and it "just works" with your wifi.
However, there's no in-between. I can't choose to back up certain things but exclude very sensitive things, like my wifi password and other credentials. Given what we know about government snooping and the constant notices of breached databases these days, I just don't want to use the backup feature at all, and anyone who does is taking a bit of a gamble IMO.
Can't we have a sub-option to "also include credentials", at the very least?
This kind of shit is exactly why, as soon as I got an Android smartphone, I also installed a second wireless router, with its own encryption password, outside my firewall. Anybody who wasn't already assuming that smartphones and tablets are anything other than hostile network actors is an idiot.
I back up data to a server, I restore data to my phone. OMG!!! They are storing my data noes!!!! This is just fear mongering.
Google is providing a data backup service (which is opt-in at first boot) that backs up your data, and you'd like them to encrypt the data, then what, delete the key? Maybe have you type in a second password? Seriously, why make the Android first boot process more cumbersome?
If you're a company and anyone associates to your corporate network using an Android phone, you've now got a problem.
And how are you supposed to stop this with policy other than blanket banning Android phones? Ignore the fact that Google is "good guy Google" and think about what happens if the database is somehow exposed to hackers, or if there is a malicious Google employee who decides to sell 1.4 million wifi passwords?
Here's the thing. Even if you encrypt the data before giving it to them, and don't keep the key (which is much harder to do than to say), so what? Do you really think any encryption algorithm you are going to use today will stand up to the tools available to script-kiddies in 5 or 10 years? You do understand that once you put something 'in the cloud' it's probably never going away, right?
=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Friends don't let friends enable ecmascript.