privacy - Android Community

Tagged: privacy

HTC software bug leaks WiFi passwords on some Android phones

By Michael Crider
on 2 Feb, 2012

The last few months have not been kind to HTC on the security and privacy front. First there was a bug in HTC's Sense skin that allowed for remote file access on a handful of smartphones, then the whole Carrier IQ debacle, which was demonstrated mostly on HTC's hardware. The latest snafu was uncovered by the United States Computer Emergency Readiness Team, which states that a considerable amount of HTC phones are running flawed software that allows third-party applications access to encrypted WiFi passwords. The US-CERT team published their findings on the Homeland Security website yesterday.

O2 exposes customer phone numbers before plugging security hole [UPDATE]

By Michael Crider
on 25 Jan, 2012

UK citizens who use O2's wireless network got a nasty shock this morning, when reports around the web claimed that their phone numbers were being exposed to any website they visited from their mobile phones. While not a malicious attack, a setting in O2's network was broadcasting its customers phone number in addition to standard browser data like user agents, device type and screen size. This morning Android phones and other O2 devices stopped broadcasting mobile phone numbers, indicating that the security hole has been patched. O2 still hasn't spoken publicly on the issue.

Google updates their privacy policies and terms of service

By Sam Koutroulakis
on 25 Jan, 2012

Google has decided to update their privacy policies across all of their products, and condense them into a single policy. This updated document will better clarify how users information is stored and treated within their different services and products. Yes, this not only includes their web based services, but Android OS as well. Anywhere you login to your Google Account, this new policy will most likely apply.

Verizon and Rogers don’t use Carrier IQ, Vodafone and O2 “don’t collect info”

By Michael Crider
on 1 Dec, 2011

The media storm over Carrier IQ's implicit privacy and security violations continues. Yesterday we contacted Verizon Wireless about the intrusive logging software, and a representative told Android Community that the company does not use Carrier IQ software in any of its products. Canadian carrier Rogers joins them today, also stating that Carrier IQ is not present on any of its devices. A company spokesperson confirmed on Twitter that none of the phones or tablets in their lineup use the software.

Carrier IQ busted on video: records keystrokes, web traffic

By Michael Crider
on 30 Nov, 2011

Carrier IQ's support software has been monitored closely by Android security watchdogs for the last few weeks. After an embarrassing public relations snafu, the company stated that their software does not record personal information, despite the findings of an independent security analyst. But The Register reports that same analyst has now shown the Carrier IQ software logging keystrokes in real time, and transmitting them over an unsecure wireless connection. Carrier IQ is, in a word, busted.

Carrier IQ backs off, apologizes to Android security whistleblower

By Michael Crider
on 23 Nov, 2011

That was fast. Just one day after threatening an XDA-Developers member with legal action over exposing embarrassing privacy violations in their network management software, Carrier IQ has retracted its demands and issued a public apology. The retraction came after the EFF came to TrevE's legal aid and blogs and news sites around the Internet slammed the company's actions. Recognizing a public relations nightmare when they saw one, the company said it was "deeply sorry for any concern or trouble that our letter may have caused Mr. Eckhart." The press release went on to say that Carrier IQ's software doesn't record keystrokes, location or usage information, in direct opposition to TrevE's findings.

EFF defends Android whistleblower from Carrier IQ lawsuit

By Michael Crider
on 23 Nov, 2011

Smartphones are a minefield of potential privacy and security violations on the best of days, and careless software implementations like HTC's recent Sense UI issue don't help. So when XDA-Developers poster TrevE found some disturbingly direct violations of Android users' privacy in the Carrier IQ tracking software, he made it known to as many people as possible, with citations and evidence as needed. Now Carrier IQ has sent him a cease and desist letter, threatening legal action if he doesn't remove his research and allegations. The Electronic Frontier Foundation, a legal defense group for technology enthusiasts and issues, has offered him assistance.

Possible Dolphin Browser security and privacy issues found [Updated]

By Michael Crider
on 27 Oct, 2011

Dolphin Browser HD is one of the most popular 3rd-party browsers in the Android Market, and with good reason. But an issue with version 6 and the current version 7 have raised the eyebrows of some users over at the ever-inventive XDA-Developers forum. According to forum poster "Fnorder", the new Webzine feature records every link, search and visited page and sends them to a remote server. If true, the breach of Dolphin users' privacy is very disturbing indeed. UPDATE: In response to the security and privacy concerns, the makers of Dolphin Browser have disabled the Webzine feature. According to the developer, user browsing data was never saved, and users' security has not been compromised.

HTC promises OTA privacy patch in pipeline

By Chris Davies
on 4 Oct, 2011

HTC has confirmed that a fix for the recently uncovered security vulnerability in its Android smartphones is in the pipeline, addressing what some security experts suggested was a "massive" privacy issue. "In our ongoing investigation into this recent claim," the company told Engadget, "we have concluded that while this HTC software itself does no harm to customers' data, there is a vulnerability that could potentially be exploited by a malicious third-party application" However, HTC also insists that it has seen no reports of the loophole actually being taken advantage of, with the potential for harm seemingly more theoretical than practical at this stage. Nonetheless, a security update is being worked on now, and which - after some carrier testing - will be delivered OTA to HTC Android phones. There's no timeline for its release - HTC says the carrier testing period will be "short" though that's presumably up to the networks themselves to deliver on - so until then the company points out that people should "use caution when downloading, using, installing and updating applications from untrusted sources." That's pretty sensible advice no matter what the situation. Full HTC Statement:

HTC takes claims related to the security of our products very seriously. In our ongoing investigation into this recent claim, we have concluded that while this HTC software itself does no harm to customers' data, there is a vulnerability that could potentially be exploited by a malicious third-party application. A third party malware app exploiting this or any other vulnerability would potentially be acting in violation of civil and criminal laws. So far, we have not learned of any customers being affected in this way and would like to prevent it by making sure all customers are aware of this potential vulnerability. HTC is working very diligently to quickly release a security update that will resolve the issue on affected devices. Following a short testing period by our carrier partners, the patch will be sent over-the-air to customers, who will be notified to download and install it. We urge all users to install the update promptly. During this time, as always, we strongly urge customers to use caution when downloading, using, installing and updating applications from untrusted sources.

Android tracks users too [Report]

By James DeRuvo
on 22 Apr, 2011

Fresh on the heals of controversy that Apple's iPhone 4 OS collects location data on users, a recent report shows that Google's Android system performs the same spying functions. Security experts have found that the Android OS collects location based data every few seconds and transmits it to Google several times an hour. In addition to a user's location, the Android OS also catalogs a user's name, signal strength of nearby hotspots, and the phone's unique identifier. The idea is to triangulate a user's location in proximity to local WiFi networks in order to push location based advertising.