You are here:

Samsung

Ask a question:
Reply
Rank 1: Guest
Posts: 3
Registered: ‎18-05-2011

Android handset leak personal data - BBC News

In light of the BBC News story today that the well publicised Android vulnerabity is fixed in Android 2.3.4, can we get an official response from Vodafone as to why the 2.3.4 update for the Google Nexus One is still not available?  Further, in the event that my data is "leaked", will Vodafone accept responsibility for any losses incurred until the 2.3.4 update is made available?

 

Rgds

 

Mr. Lawsuit Pending

 

 

Message 1 of 18 (3,990 Views)
Posts: 9,893
Topics: 294
Thanks: 2,722
Ideas: 13
Solutions: 474
Registered: ‎06-05-2009

Re: Android handset leak personal data - BBC News

[ Edited ]

Hi SteveMW4, nice to see you on the forum! I posted about this in another thread last night and unforunatly i don't thinkn it's the news you would want to hear

 

Here's what was said anyways: 

 

This issue is caused by the fact that the tokens are not being encrypted before transmission.

You are only at risk of being affected by this if you use an unencrypted internet connection and this would only occur if you are using a public wifi hotspot.

This is a minor issue and wouldn't gauruntee any kind of update.

Also most phones that are being updates are getting updated to 2.3.3 which is still affected, so an update wouldn't fix the issue.

There is an issue in android 2.1 with SMS handling, this issue was fixed by Google in 2.2 but took networks months to get round to updating handsets, in fact you will still find several handsets on 2.1

Best advice here, don't use public WiFi.

 

sigbar.png

Message 2 of 18 (3,982 Views)
Rank 21: Instructor V
Posts: 2,514
Registered: ‎20-07-2009

Re: Android handset leak personal data - BBC News

Exactly that Nabs, BBC creating paranoia. If users are sensible and use common sense you'll have no issues
HTC One X (S720e)
ROM: 3.14.401.31 (JRO03C)
HBOOT: 1.39.0000 | Recovery: Stock
Radio: 5.1204.162.29 | Kernel: Stock
Message 3 of 18 (3,977 Views)
Posts: 9,893
Topics: 294
Thanks: 2,722
Ideas: 13
Solutions: 474
Registered: ‎06-05-2009

Re: Android handset leak personal data - BBC News

[ Edited ]

The BBC atricle fails to mention anything about unsecure public WiFi connections i.e. the only realy cause of any risk. I have mentioned this to the BBC hopefully they will modify the story

 

As much as it pains me to say it even TechRadar have got better coverage of this one.

 

Also taken from the Ulm-Uni teams results page:

 

What Android users can do:

  • Update to Android 2.3.4. Update your phone to the current Android version as soon as possible. However, depending on your phone vendor you may have to wait weeks/months before an update is available for your phone. Hopefully this will change in the future
  • Switch off automatic synchronization in the settings menu when connecting with open Wifi networks.
  • Let your device forget an open network you previously connected to, to prevent automatic reconnection (long press network name and select forget)
  • The best protection at the moment is to avoid open Wifi networks at all when using affected apps.

sigbar.png

Message 4 of 18 (3,969 Views)
Rank 1: Guest
Posts: 3
Registered: ‎18-05-2011

Re: Android handset leak personal data - BBC News

What?  What is meant by "public" wifi?  Does that include the BT Openzone optional plan?

 

Are you saying that when I can't get a wireless signal (because I'm on the ground floor of pretty much any brick building in London where reception SUCKS) but there is a BT Openzone signal available (a service that I actually PAY Vodafone for) then I'm supposed to NOT use that service I pay for, even when it's the only option?  I suppose if Steve Jobs can get away with telling people to hold their phone differently, then telling me not to use the only option available is ok.  Oh, wait......

 

Option 2.  A simpler solution would be for Vodafone to get their finger outta their ###### and update to 2.3.4.  It seems they want the control but they're not prepared to accept the associated responsibility.

 

Lawsuit pending.

Message 5 of 18 (3,948 Views)
Rank 23: Tutor II
Posts: 717
Registered: ‎19-09-2010

Re: Android handset leak personal data - BBC News

[ Edited ]

LOL @ people.

 

Vodafone - lawsuit pending for a security issue in Google software. If you were really that worried, you'dve followed RustyU's easy to follow and completely legal guide to updating the software. 

Message 6 of 18 (3,945 Views)
Posts: 8,790
Topics: 208
Thanks: 312
Solutions: 413
Registered: ‎30-11-2007

Re: Android handset leak personal data - BBC News

Message 7 of 18 (3,940 Views)
Rank 6: Frequent Poster
Posts: 303
Registered: ‎30-06-2010

Re: Android handset leak personal data - BBC News

[ Edited ]

Hi Tom

 

Please confirm that there are 2 major issues you are not fixing in withholding the updates from your users

 

1) SMS to incorrect recipitant from 2.2.3

2) Data leak from 2.3.4

 

Thank you in advance

 

Best regards

 

MM

Rooting using the boot loader sounds fun

Miss Sold by Vodafone let down by Vodafone
Message 8 of 18 (3,923 Views)
Rank 23: Tutor II
Posts: 717
Registered: ‎19-09-2010

Re: Android handset leak personal data - BBC News

Funny how your mentioning problems in OS versions that Vodafone haven't released. Colleague of mine is "fully up to date" on his Vodafone nexus one, android version 2.2.1. Oh dear, doesn't affect Vodafone customers. Tom doesn't need to respond to that
Message 9 of 18 (3,919 Views)
Rank 6: Frequent Poster
Posts: 303
Registered: ‎30-06-2010

Re: Android handset leak personal data - BBC News

O² customers with a Nexus one are on 2.3.4

Also up to date no data leaks or wrong SMS's

All the best

MM
Rooting using the boot loader sounds fun

Miss Sold by Vodafone let down by Vodafone
Message 10 of 18 (3,914 Views)
Rank 23: Tutor II
Posts: 717
Registered: ‎19-09-2010

Re: Android handset leak personal data - BBC News

The wrong sms recipient issue was a GLOBAL Android issue, not specific to ANY ONE PROVIDER. The data leak issue is on PUBLIC networks, and if anyone is dumb enough to input personal PRIVATE information on a PUBLIC network shouldn't have a mobile phone. Sounds like you're just trying to drum up bad press for Vodafone when its a GOOGLE issue. That's pretty lame. Petty. And hilariously directed at the wrong people.
Message 11 of 18 (3,912 Views)
Rank 6: Frequent Poster
Posts: 303
Registered: ‎30-06-2010

Re: Android handset leak personal data - BBC News

[ Edited ]

All I am asking for is the updates to fix the issues

 

Google have fixed them Vodafone is letting us the users down who are unable to root their devices 

Thank you

MM

Rooting using the boot loader sounds fun

Miss Sold by Vodafone let down by Vodafone
Message 12 of 18 (3,910 Views)
Posts: 9,893
Topics: 294
Thanks: 2,722
Ideas: 13
Solutions: 474
Registered: ‎06-05-2009

Re: Android handset leak personal data - BBC News - FIXED!

Good news guys!

Google started rolling out a server-side fix for this today and expect it to be complete over the next few.
source 

sigbar.png

Message 13 of 18 (3,901 Views)
Posts: 8,790
Topics: 208
Thanks: 312
Solutions: 413
Registered: ‎30-11-2007

Re: Android handset leak personal data - BBC News - FIXED!

Message 14 of 18 (3,888 Views)
Rank 1: Guest
Posts: 3
Registered: ‎18-05-2011

Re: Android handset leak personal data - BBC News - FIXED!

[ Edited ]

@Vampy and Nabs

 

So, these are Google issues with Android, right?  We all agree that, right?  And these issues are fixed with 2.3.4, right?  But Vodafone is blocking my ability to download 2.3.4 because I have stock Vodafone firmware, right?  Or can you obfuscate the issue even more?

 

Message 15 of 18 (3,885 Views)
Highlighted
Posts: 9,893
Topics: 294
Thanks: 2,722
Ideas: 13
Solutions: 474
Registered: ‎06-05-2009

Re: Android handset leak personal data - BBC News - FIXED!

SteveMW4,

 

As mentioned this has now been patched on Google's servers so should no longer be an issue to anybody, regardless of what android version they are running.

sigbar.png

Message 16 of 18 (3,879 Views)
Rank 6: Frequent Poster
Posts: 251
Registered: ‎01-06-2010

Re: Android handset leak personal data - BBC News - FIXED!


SteveMW4 wrote:

@Vampy and Nabs

 

So, these are Google issues with Android, right?  We all agree that, right?  And these issues are fixed with 2.3.4, right?  But Vodafone is blocking my ability to download 2.3.4 because I have stock Vodafone firmware, right?  Or can you obfuscate the issue even more?

 


Exactly.

 

Google is slow enough at fixing issues without then having to wait another ice-age for Vodafone to "test" the release.

 

Vampy - do you have any evidence that Vodafone's testing has protected its customers from bugs in the stock firmware?

Message 17 of 18 (3,861 Views)
Rank 6: Frequent Poster
Posts: 303
Registered: ‎30-06-2010

Re: Android handset leak personal data - BBC News - FIXED!

Evidence Smiley Very Happy protection! 

 

Ice age or longer,  Vodafone's customer service is slipping since last years staff layoffs I have not seen any evidence of any additional protection.

 

If a large company like Google can offer the solutions and fix them reasonably quickly, why do Vodafone need to waste time and money revisiting work done by others?

 

Best regards

 

MM

Rooting using the boot loader sounds fun

Miss Sold by Vodafone let down by Vodafone
Message 18 of 18 (3,854 Views)
Got a question?

Get help and technical support on Vodafone's devices, products and services from our online community

If your question relates directly to your account or mobile number please contact our customer services team.

Help and Support
My Vodafone

My Vodafone

Stay in control of your spending and manage your account online.

Log in

Register for My Vodafone

Top up