Skip to content
main_icn_My_Vodafone main_icn_Search main_icn_Chevron_right main_icn_Chevron_down main_icn_Close main_icn_Menu social-facebook social-google-plus social-linkedin social-twitter social-youtube main_icn_Community_or_Foundation main_icn_Location main_icn_Network_signal
Menu Toggle

Welcome to Vodafone Community

Archive

Android handset leak personal data - BBC News

2: Seeker Bronze

In light of the BBC News story today that the well publicised Android vulnerabity is fixed in Android 2.3.4, can we get an official response from Vodafone as to why the 2.3.4 update for the Google Nexus One is still not available?  Further, in the event that my data is "leaked", will Vodafone accept responsibility for any losses incurred until the 2.3.4 update is made available?

 

Rgds

 

Mr. Lawsuit Pending

 

 

View more options
  • Find other posts tagged with:
17 REPLIES
17: Community Champion

Hi SteveMW4, nice to see you on the forum! I posted about this in another thread last night and unforunatly i don't thinkn it's the news you would want to hear

 

Here's what was said anyways: 

 

This issue is caused by the fact that the tokens are not being encrypted before transmission.

You are only at risk of being affected by this if you use an unencrypted internet connection and this would only occur if you are using a public wifi hotspot.

This is a minor issue and wouldn't gauruntee any kind of update.

Also most phones that are being updates are getting updated to 2.3.3 which is still affected, so an update wouldn't fix the issue.

There is an issue in android 2.1 with SMS handling, this issue was fixed by Google in 2.2 but took networks months to get round to updating handsets, in fact you will still find several handsets on 2.1

Best advice here, don't use public WiFi.

 

 

View more options
16: Advanced member
Exactly that Nabs, BBC creating paranoia. If users are sensible and use common sense you'll have no issues
HTC One X (S720e)
ROM: 3.14.401.31 (JRO03C)
HBOOT: 1.39.0000 | Recovery: Stock
Radio: 5.1204.162.29 | Kernel: Stock
View more options
17: Community Champion

The BBC atricle fails to mention anything about unsecure public WiFi connections i.e. the only realy cause of any risk. I have mentioned this to the BBC hopefully they will modify the story

 

As much as it pains me to say it even TechRadar have got better coverage of this one.

 

Also taken from the Ulm-Uni teams results page:

 

What Android users can do:

  • Update to Android 2.3.4. Update your phone to the current Android version as soon as possible. However, depending on your phone vendor you may have to wait weeks/months before an update is available for your phone. Hopefully this will change in the future
  • Switch off automatic synchronization in the settings menu when connecting with open Wifi networks.
  • Let your device forget an open network you previously connected to, to prevent automatic reconnection (long press network name and select forget)
  • The best protection at the moment is to avoid open Wifi networks at all when using affected apps.

 

View more options
2: Seeker Bronze

What?  What is meant by "public" wifi?  Does that include the BT Openzone optional plan?

 

Are you saying that when I can't get a wireless signal (because I'm on the ground floor of pretty much any brick building in London where reception SUCKS) but there is a BT Openzone signal available (a service that I actually PAY Vodafone for) then I'm supposed to NOT use that service I pay for, even when it's the only option?  I suppose if Steve Jobs can get away with telling people to hold their phone differently, then telling me not to use the only option available is ok.  Oh, wait......

 

Option 2.  A simpler solution would be for Vodafone to get their finger outta their ###### and update to 2.3.4.  It seems they want the control but they're not prepared to accept the associated responsibility.

 

Lawsuit pending.

View more options
16: Advanced member

LOL @ people.

 

Vodafone - lawsuit pending for a security issue in Google software. If you were really that worried, you'dve followed RustyU's easy to follow and completely legal guide to updating the software. 

View more options
Community Manager (Retired)
View more options
3: Seeker Silver

Hi Tom

 

Please confirm that there are 2 major issues you are not fixing in withholding the updates from your users

 

1) SMS to incorrect recipitant from 2.2.3

2) Data leak from 2.3.4

 

Thank you in advance

 

Best regards

 

MM

Rooting using the boot loader sounds fun

Miss Sold by Vodafone let down by Vodafone
View more options
16: Advanced member
Funny how your mentioning problems in OS versions that Vodafone haven't released. Colleague of mine is "fully up to date" on his Vodafone nexus one, android version 2.2.1. Oh dear, doesn't affect Vodafone customers. Tom doesn't need to respond to that
View more options
3: Seeker Silver
O² customers with a Nexus one are on 2.3.4

Also up to date no data leaks or wrong SMS's

All the best

MM
Rooting using the boot loader sounds fun

Miss Sold by Vodafone let down by Vodafone
View more options
16: Advanced member
The wrong sms recipient issue was a GLOBAL Android issue, not specific to ANY ONE PROVIDER. The data leak issue is on PUBLIC networks, and if anyone is dumb enough to input personal PRIVATE information on a PUBLIC network shouldn't have a mobile phone. Sounds like you're just trying to drum up bad press for Vodafone when its a GOOGLE issue. That's pretty lame. Petty. And hilariously directed at the wrong people.
View more options
3: Seeker Silver

All I am asking for is the updates to fix the issues

 

Google have fixed them Vodafone is letting us the users down who are unable to root their devices 

Thank you

MM

Rooting using the boot loader sounds fun

Miss Sold by Vodafone let down by Vodafone
View more options
17: Community Champion

Good news guys!

Google started rolling out a server-side fix for this today and expect it to be complete over the next few.
source 

 

View more options
Community Manager (Retired)
View more options
2: Seeker Bronze

@Vampy and Nabs

 

So, these are Google issues with Android, right?  We all agree that, right?  And these issues are fixed with 2.3.4, right?  But Vodafone is blocking my ability to download 2.3.4 because I have stock Vodafone firmware, right?  Or can you obfuscate the issue even more?

 

View more options
Highlighted
17: Community Champion

SteveMW4,

 

As mentioned this has now been patched on Google's servers so should no longer be an issue to anybody, regardless of what android version they are running.

 

View more options
3: Seeker Silver

SteveMW4 wrote:

@Vampy and Nabs

 

So, these are Google issues with Android, right?  We all agree that, right?  And these issues are fixed with 2.3.4, right?  But Vodafone is blocking my ability to download 2.3.4 because I have stock Vodafone firmware, right?  Or can you obfuscate the issue even more?

 


Exactly.

 

Google is slow enough at fixing issues without then having to wait another ice-age for Vodafone to "test" the release.

 

Vampy - do you have any evidence that Vodafone's testing has protected its customers from bugs in the stock firmware?

View more options
3: Seeker Silver

Evidence Smiley Very Happy protection! 

 

Ice age or longer,  Vodafone's customer service is slipping since last years staff layoffs I have not seen any evidence of any additional protection.

 

If a large company like Google can offer the solutions and fix them reasonably quickly, why do Vodafone need to waste time and money revisiting work done by others?

 

Best regards

 

MM

Rooting using the boot loader sounds fun

Miss Sold by Vodafone let down by Vodafone
View more options