Android phones are all the rage; some even believe Android will outpace the iPhone. As for me, being a security professional, I have my concerns. Many security researchers have demonstrated that almost every single Android smartphone can leak login data for Google services – that’s a scary thought. The problem is that the login tokens are sometimes sent in clear text over wireless networks, allowing hackers to grab these tokens and potentially cause mischief. A hacker can do this easily by setting up a wireless access point with the common SSID of an unencrypted public wireless network, such as those used by providers like Starbucks. Since login tokens are usually valid for a long time (sometimes 14 days), you’re left vulnerable for long periods of time – a hacker can potentially access your account for two weeks once the login is compromised. Two weeks? Yikes.

So what do you do? Here are some tips:
• Switch off automatic sync when using open WiFi.
• Avoid (or at least limit) using open WiFi connections.
• Use secure transmissions (HTTPS instead of HTTP) by upgrading the handset to Android 2.3.4.