Hi SteveMW4, nice to see you on the forum! I posted about this in another thread last night and unforunatly i don't thinkn it's the news you would want to hear

 

Here's what was said anyways: 

 

This issue is caused by the fact that the tokens are not being encrypted before transmission.

You are only at risk of being affected by this if you use an unencrypted internet connection and this would only occur if you are using a public wifi hotspot.

This is a minor issue and wouldn't gauruntee any kind of update.

Also most phones that are being updates are getting updated to 2.3.3 which is still affected, so an update wouldn't fix the issue.

There is an issue in android 2.1 with SMS handling, this issue was fixed by Google in 2.2 but took networks months to get round to updating handsets, in fact you will still find several handsets on 2.1

Best advice here, don't use public WiFi.

 

Exactly that Nabs, BBC creating paranoia. If users are sensible and use common sense you'll have no issues

The BBC atricle fails to mention anything about unsecure public WiFi connections i.e. the only realy cause of any risk. I have mentioned this to the BBC hopefully they will modify the story

 

As much as it pains me to say it even TechRadar have got better coverage of this one.

 

Also taken from the Ulm-Uni teams results page:

 

What Android users can do:

• Update to Android 2.3.4. Update your phone to the current Android version as soon as possible. However, depending on your phone vendor you may have to wait weeks/months before an update is available for your phone. Hopefully this will change in the future. 
• Switch off automatic synchronization in the settings menu when connecting with open Wifi networks.
• Let your device forget an open network you previously connected to, to prevent automatic reconnection (long press network name and select forget)
• The best protection at the moment is to avoid open Wifi networks at all when using affected apps.

What?  What is meant by "public" wifi?  Does that include the BT Openzone optional plan?

 

Are you saying that when I can't get a wireless signal (because I'm on the ground floor of pretty much any brick building in London where reception SUCKS) but there is a BT Openzone signal available (a service that I actually PAY Vodafone for) then I'm supposed to NOT use that service I pay for, even when it's the only option?  I suppose if Steve Jobs can get away with telling people to hold their phone differently, then telling me not to use the only option available is ok.  Oh, wait......

 

Option 2.  A simpler solution would be for Vodafone to get their finger outta their ###### and update to 2.3.4.  It seems they want the control but they're not prepared to accept the associated responsibility.

 

Lawsuit pending.

LOL @ people.

 

Vodafone - lawsuit pending for a security issue in Google software. If you were really that worried, you'dve followed RustyU's easy to follow and completely legal guide to updating the software. 

Hello,

 

Our statement can be found here: http://forum.vodafone.co.uk/t5/About-the-Community-and-Latest/News-Android-Security-Vulnerability/td...

 

Thanks,

 

Tom

Hi Tom

 

Please confirm that there are 2 major issues you are not fixing in withholding the updates from your users

 

1) SMS to incorrect recipitant from 2.2.3

2) Data leak from 2.3.4

 

Thank you in advance

 

Best regards

 

MM

Funny how your mentioning problems in OS versions that Vodafone haven't released. Colleague of mine is "fully up to date" on his Vodafone nexus one, android version 2.2.1. Oh dear, doesn't affect Vodafone customers. Tom doesn't need to respond to that

O² customers with a Nexus one are on 2.3.4

Also up to date no data leaks or wrong SMS's

All the best

MM

The wrong sms recipient issue was a GLOBAL Android issue, not specific to ANY ONE PROVIDER. The data leak issue is on PUBLIC networks, and if anyone is dumb enough to input personal PRIVATE information on a PUBLIC network shouldn't have a mobile phone. Sounds like you're just trying to drum up bad press for Vodafone when its a GOOGLE issue. That's pretty lame. Petty. And hilariously directed at the wrong people.

All I am asking for is the updates to fix the issues

 

Google have fixed them Vodafone is letting us the users down who are unable to root their devices 

Thank you

MM

Good news guys!

Google started rolling out a server-side fix for this today and expect it to be complete over the next few.
source 

Thanks Nabs, I've put our official message here: http://forum.vodafone.co.uk/t5/About-the-Community-and-Latest/News-Android-Security-Vulnerability/m-...

@Vampy and Nabs

 

So, these are Google issues with Android, right?  We all agree that, right?  And these issues are fixed with 2.3.4, right?  But Vodafone is blocking my ability to download 2.3.4 because I have stock Vodafone firmware, right?  Or can you obfuscate the issue even more?

 

---

SteveMW4 wrote:

@Vampy and Nabs

 

So, these are Google issues with Android, right?  We all agree that, right?  And these issues are fixed with 2.3.4, right?  But Vodafone is blocking my ability to download 2.3.4 because I have stock Vodafone firmware, right?  Or can you obfuscate the issue even more?

 

---

Exactly.

 

Google is slow enough at fixing issues without then having to wait another ice-age for Vodafone to "test" the release.

 

Vampy - do you have any evidence that Vodafone's testing has protected its customers from bugs in the stock firmware?

Evidence  protection! 

 

Ice age or longer,  Vodafone's customer service is slipping since last years staff layoffs I have not seen any evidence of any additional protection.

 

If a large company like Google can offer the solutions and fix them reasonably quickly, why do Vodafone need to waste time and money revisiting work done by others?

 

Best regards

 

MM