You are here:
Ask a question:
Reply
Rank 1: Guest
SteveMW4
Posts: 3
Registered: ‎18-05-2011

Android handset leak personal data - BBC News

In light of the BBC News story today that the well publicised Android vulnerabity is fixed in Android 2.3.4, can we get an official response from Vodafone as to why the 2.3.4 update for the Google Nexus One is still not available?  Further, in the event that my data is "leaked", will Vodafone accept responsibility for any losses incurred until the 2.3.4 update is made available?

 

Rgds

 

Mr. Lawsuit Pending

 

 

Message 1 of 18 (3,337 Views)
Rank 45: Oracle IV
Nabs
Posts: 8,846
Registered: ‎06-05-2009

Re: Android handset leak personal data - BBC News

[ Edited ]

Hi SteveMW4, nice to see you on the forum! I posted about this in another thread last night and unforunatly i don't thinkn it's the news you would want to hear

 

Here's what was said anyways: 

 

This issue is caused by the fact that the tokens are not being encrypted before transmission.

You are only at risk of being affected by this if you use an unencrypted internet connection and this would only occur if you are using a public wifi hotspot.

This is a minor issue and wouldn't gauruntee any kind of update.

Also most phones that are being updates are getting updated to 2.3.3 which is still affected, so an update wouldn't fix the issue.

There is an issue in android 2.1 with SMS handling, this issue was fixed by Google in 2.2 but took networks months to get round to updating handsets, in fact you will still find several handsets on 2.1

Best advice here, don't use public WiFi.

 



Find this post useful? Give it the thumbs up below!

 

Message 2 of 18 (3,329 Views)
Rank 21: Instructor V
EddyOS
Posts: 2,514
Registered: ‎20-07-2009

Re: Android handset leak personal data - BBC News

Exactly that Nabs, BBC creating paranoia. If users are sensible and use common sense you'll have no issues
HTC One X (S720e)
ROM: 3.14.401.31 (JRO03C)
HBOOT: 1.39.0000 | Recovery: Stock
Radio: 5.1204.162.29 | Kernel: Stock
Message 3 of 18 (3,324 Views)
Rank 45: Oracle IV
Nabs
Posts: 8,846
Registered: ‎06-05-2009

Re: Android handset leak personal data - BBC News

[ Edited ]

The BBC atricle fails to mention anything about unsecure public WiFi connections i.e. the only realy cause of any risk. I have mentioned this to the BBC hopefully they will modify the story

 

As much as it pains me to say it even TechRadar have got better coverage of this one.

 

Also taken from the Ulm-Uni teams results page:

 

What Android users can do:

  • Update to Android 2.3.4. Update your phone to the current Android version as soon as possible. However, depending on your phone vendor you may have to wait weeks/months before an update is available for your phone. Hopefully this will change in the future
  • Switch off automatic synchronization in the settings menu when connecting with open Wifi networks.
  • Let your device forget an open network you previously connected to, to prevent automatic reconnection (long press network name and select forget)
  • The best protection at the moment is to avoid open Wifi networks at all when using affected apps.



Find this post useful? Give it the thumbs up below!

 

Message 4 of 18 (3,316 Views)
Rank 1: Guest
SteveMW4
Posts: 3
Registered: ‎18-05-2011

Re: Android handset leak personal data - BBC News

What?  What is meant by "public" wifi?  Does that include the BT Openzone optional plan?

 

Are you saying that when I can't get a wireless signal (because I'm on the ground floor of pretty much any brick building in London where reception SUCKS) but there is a BT Openzone signal available (a service that I actually PAY Vodafone for) then I'm supposed to NOT use that service I pay for, even when it's the only option?  I suppose if Steve Jobs can get away with telling people to hold their phone differently, then telling me not to use the only option available is ok.  Oh, wait......

 

Option 2.  A simpler solution would be for Vodafone to get their finger outta their ###### and update to 2.3.4.  It seems they want the control but they're not prepared to accept the associated responsibility.

 

Lawsuit pending.

Message 5 of 18 (3,295 Views)
Rank 23: Tutor II
Vampfy
Posts: 717
Registered: ‎19-09-2010

Re: Android handset leak personal data - BBC News

[ Edited ]

LOL @ people.

 

Vodafone - lawsuit pending for a security issue in Google software. If you were really that worried, you'dve followed RustyU's easy to follow and completely legal guide to updating the software. 

Message 6 of 18 (3,292 Views)
Community Manager (Retired)
Community Manager (Retired)
Tom
Posts: 8,790
Registered: ‎30-11-2007

Re: Android handset leak personal data - BBC News

Message 7 of 18 (3,287 Views)
Rank 6: Frequent Poster
Masonicmoron
Posts: 303
Registered: ‎30-06-2010

Re: Android handset leak personal data - BBC News

[ Edited ]

Hi Tom

 

Please confirm that there are 2 major issues you are not fixing in withholding the updates from your users

 

1) SMS to incorrect recipitant from 2.2.3

2) Data leak from 2.3.4

 

Thank you in advance

 

Best regards

 

MM

Rooting using the boot loader sounds fun

Miss Sold by Vodafone let down by Vodafone
Message 8 of 18 (3,270 Views)
Rank 23: Tutor II
Vampfy
Posts: 717
Registered: ‎19-09-2010

Re: Android handset leak personal data - BBC News

Funny how your mentioning problems in OS versions that Vodafone haven't released. Colleague of mine is "fully up to date" on his Vodafone nexus one, android version 2.2.1. Oh dear, doesn't affect Vodafone customers. Tom doesn't need to respond to that
Message 9 of 18 (3,266 Views)
Rank 6: Frequent Poster
Masonicmoron
Posts: 303
Registered: ‎30-06-2010

Re: Android handset leak personal data - BBC News

O² customers with a Nexus one are on 2.3.4

Also up to date no data leaks or wrong SMS's

All the best

MM
Rooting using the boot loader sounds fun

Miss Sold by Vodafone let down by Vodafone
Message 10 of 18 (3,261 Views)
Rank 23: Tutor II
Vampfy
Posts: 717
Registered: ‎19-09-2010

Re: Android handset leak personal data - BBC News

The wrong sms recipient issue was a GLOBAL Android issue, not specific to ANY ONE PROVIDER. The data leak issue is on PUBLIC networks, and if anyone is dumb enough to input personal PRIVATE information on a PUBLIC network shouldn't have a mobile phone. Sounds like you're just trying to drum up bad press for Vodafone when its a GOOGLE issue. That's pretty lame. Petty. And hilariously directed at the wrong people.
Message 11 of 18 (3,259 Views)
Rank 6: Frequent Poster
Masonicmoron
Posts: 303
Registered: ‎30-06-2010

Re: Android handset leak personal data - BBC News

[ Edited ]

All I am asking for is the updates to fix the issues

 

Google have fixed them Vodafone is letting us the users down who are unable to root their devices 

Thank you

MM

Rooting using the boot loader sounds fun

Miss Sold by Vodafone let down by Vodafone
Message 12 of 18 (3,257 Views)
Rank 45: Oracle IV
Nabs
Posts: 8,846
Registered: ‎06-05-2009

Re: Android handset leak personal data - BBC News - FIXED!

Good news guys!

Google started rolling out a server-side fix for this today and expect it to be complete over the next few.
source 



Find this post useful? Give it the thumbs up below!

 

Message 13 of 18 (3,248 Views)
Community Manager (Retired)
Community Manager (Retired)
Tom
Posts: 8,790
Registered: ‎30-11-2007

Re: Android handset leak personal data - BBC News - FIXED!

Message 14 of 18 (3,235 Views)
Rank 1: Guest
SteveMW4
Posts: 3
Registered: ‎18-05-2011

Re: Android handset leak personal data - BBC News - FIXED!

[ Edited ]

@Vampy and Nabs

 

So, these are Google issues with Android, right?  We all agree that, right?  And these issues are fixed with 2.3.4, right?  But Vodafone is blocking my ability to download 2.3.4 because I have stock Vodafone firmware, right?  Or can you obfuscate the issue even more?

 

Message 15 of 18 (3,232 Views)
Rank 45: Oracle IV
Nabs
Posts: 8,846
Registered: ‎06-05-2009

Re: Android handset leak personal data - BBC News - FIXED!

SteveMW4,

 

As mentioned this has now been patched on Google's servers so should no longer be an issue to anybody, regardless of what android version they are running.



Find this post useful? Give it the thumbs up below!

 

Message 16 of 18 (3,226 Views)
Rank 6: Frequent Poster
yellow160
Posts: 251
Registered: ‎01-06-2010

Re: Android handset leak personal data - BBC News - FIXED!


SteveMW4 wrote:

@Vampy and Nabs

 

So, these are Google issues with Android, right?  We all agree that, right?  And these issues are fixed with 2.3.4, right?  But Vodafone is blocking my ability to download 2.3.4 because I have stock Vodafone firmware, right?  Or can you obfuscate the issue even more?

 


Exactly.

 

Google is slow enough at fixing issues without then having to wait another ice-age for Vodafone to "test" the release.

 

Vampy - do you have any evidence that Vodafone's testing has protected its customers from bugs in the stock firmware?

Message 17 of 18 (3,208 Views)
Rank 6: Frequent Poster
Masonicmoron
Posts: 303
Registered: ‎30-06-2010

Re: Android handset leak personal data - BBC News - FIXED!

Evidence :smileyvery-happy: protection! 

 

Ice age or longer,  Vodafone's customer service is slipping since last years staff layoffs I have not seen any evidence of any additional protection.

 

If a large company like Google can offer the solutions and fix them reasonably quickly, why do Vodafone need to waste time and money revisiting work done by others?

 

Best regards

 

MM

Rooting using the boot loader sounds fun

Miss Sold by Vodafone let down by Vodafone
Message 18 of 18 (3,201 Views)