News highlighting further security issues with the popular Android operating system don’t appear to be as serious as suggested, reports BullGuard, and though it’s something that users need to be aware of, adopting safe practice should be an effective stopgap until the situation is fully resolved.
The recent reports indicated that a massive 99% of Android phones are vulnerable to attacks caused by improper implementation of authentication protocols, leaving personal information open to theft by third parties and resulting in growing concern about the safety of user data. This threat isn’t new, however, and needn’t be as big an issue as originally suggested.
“This is something we’ve known about for some time” states mobile security expert with BullGuard, Claus Villumsen. “It was first discovered in February 2011 by random independent groups and it’s piqued the interest of other parties only recently. Though there are things the end-user can do to avoid being caught out, it is down to software manufacturers and vendors to update their applications so that they can use a more secure, encrypted protocol to manage data” he continues.
With the responsibility ultimately lying with Google to provide a solution, it has, already offered a software update that fixes the problem in the form of Android 2.3.4, but the issue for many users will be getting hold of the patch.
“Providers are typically quite slow in offering Android updates to Smartphone users, and it can be a frustrating wait for many who would consider themselves to be needlessly subjected to threats and other problems that have already been fixed” says Villumsen. In response, Google is reportedly working more closely with wireless carriers in order to provide Android updates to consumers in a more timely fashion.
In the meantime, there are steps users can take to help ensure they are not a victim of this latest attack, and BullGuard is advising consumers to, where possible, use a secure HTTPS protocol from a web browser rather than proprietary software to synchronise data and access services such as Picasa.
“Applications such as Facebook started using client-server communication in encrypted/secured formats, so this issue has been fixed by app providers, albeit slower that we’d have wished” states Claus Villumsen. “The flaw is strictly dependent on whether the application knows how to use HTTPS or other communication venues that support encryption so it will mainly be up to the software developers/vendors to fix it. In the meantime, our advice to users is to avoid synchronizing information over unsecured wireless networks, since that is the root of all problems” he concludes.