Unsettling information reported by The Register reveals that 99 percent of Android phones are vulnerable to security leaks when accessing Google-enabled apps from unsecured wireless networks.
Researchers at Germany's University of Ulm discovered that an authentication protocol called ClientLogin was not properly implemented on Android devices running versions 2.3.3 and earlier (which is virtually every device).
Because of the public firestorm, Google (GOOG) and independent developers that create apps on top of existing Google products are obviously trying to rectify the situation. Still, the rest of us are vulnerable while we wait for a fix.
So what can owners of Android smartphones and tablets do to protect themselves in the meantime? For starters, don't operate Google-enabled apps on an unsecured wireless network. On top of that, the Ulm researchers offer these suggestions:
- Update to Android 2.3.4. Update your phone to the current Android version as soon as possible. However, depending on your phone vendor you may have to wait weeks/months before an update is available for your phone. Hopefully this will change in the future.
- Switch off automatic synchronization in the settings menu when connecting with open Wi-Fi networks.
- Let your device forget an open network you previously connected to, to prevent automatic reconnection (long press network name and select forget).
Stay tuned to Appolicious AndroidApps.com for additional security measures you can take and how Google and other developers are addressing the problem.