Google In Process of Fixing Android Auth Token Bug To Stop User Login Credentials Leaking

By  |  0 Comments

Recently discovered security flaw that could allow access to Android’s Google account authentication tokens by a 3rd party will be fixed for all users soon.

The flaw was originally discovered by German researchers, with fear that the way Android sends auth tokens in plain text could result in 3rd parties being granted access to Google accounts.

Google DID actually fix the flaw in its latest version of Android – Gingerbread 2.3.4. The problem for Google and its users though is the way Android is updated by carriers. With carriers and manufacturers both having their fingers in the OS – weather its additional features or a skin – the large majority of Android handsets aren’t going to see the update for months to come.

In order to fix the flaw quicker, Google is now rolling out a server-side fix which will plug the hole for all devices connecting to Google’s servers. The search giant plans to have the fix in place for Android devices worldwide ready within a week.

The negative here though is while the fix applies to Calendar and Contacts, Google’s techs are still working on the issue with Picasa.

Today we’re starting to roll out a fix which addresses a potential security flaw that could, under certain circumstances, allow a third party access to data available in calendar and contacts. This fix requires no action from users and will roll out globally over the next few days.

Google recently shared that they are currently looking into the issue of software version fragmentation with the help of its mobile carrier partners with a point to reducing the time it takes for updates to be rolled out to as many handsets as possible.

 

Why is it so hard for people to stay updated when it comes to software? Security should be on everyone’s mind all the time. jsnbd

James Burr is a seasoned Graphic & Web Designer with a decade of experience. A PR Strategist with a deep understanding of Social & New Media. He is also an avid Gamer who favors FPS Games on PlayStation & PC.

You must be logged in to post a comment Login

Leave a Reply