Smartphones optimize

[Update] Google knows where you've been and they might be holding your encryption keys

On the heels of other disturbing stories about Google and privacy and security issues, blogger Donovan Colbert discovered another problem with info that his Android device shares with Google. [Updated post]

[See *update at the end of this original post]

After waiting in disappointment after missing the original rush for the ASUS Eee PC Transformer Android-based tablet, last night I finally got my hands on it and the keyboard dock that converts the device into an Android netbook. My iPad and my Lenovo S10 are both quaking in fear right now, and they probably should be. I'm still learning about this device, and actually I'm writing this document on the Eee Pad using the bundled Polaris Office application - so this article won't be a review of my experience with the device. Instead, this will be about an interesting thing I discovered about Android OS that increases my growing concern and discontent with this new era of personal digital devices and the companies that sit behind their emerging place in our lives.

I purchased the machine late last night after work. I brought it home, set it up to charge overnight, and went to bed. This morning when I woke I put it in my bag and brought it to the office with me. I set up my Google account on the device, and then realized I had no network connection. My first response was to connect to our corporate public network connection - but we just moved offices and I did not know the WPA2 key off the top of my head. Instead, I pulled out my Virgin Mobile Mi-Fi 2200 personal hotspot and turned it on. I searched around Honeycomb looking for the control panel to select the hotspot and enter the encryption key. To my surprise, I found that the Eee Pad had already found the Virgin hotspot, and successfully attached to it. I literally questioned myself, wondering if I had simply already attached to the hotspot from the Eee Pad and forgotten about it. But that was not the case.

As I looked further into this puzzling situation, I noticed that not only was my Virgin Hotspot discovered and attached, but a list of other hotspots, including the hotspot at my campground (a 45-minute drive away) were also listed in the Eee Pad's hotspot list. The only conclusion that one can draw from this is obvious - Google is storing not only a list of what hotspots you have visited, but any private encryption keys necessary to connect to those hotspots in the cloud.

Beyond the obvious personal privacy issues this raises, there are other concerns that might not be as readily apparent. One might argue that if you use an Android product and Google services, you implicitly consent to this "feature" of the Android OS platform. But many of the Wi-Fi access points we access are not our own, and frequently there are specific terms of service associated with these APs; generally, that we will not disclose the encryption keys for these APs to third parties. This is a reasonable and obvious security policy, but clearly Google doesn't care about the ToS policies on shared public hotspots protected by encryption.

As far as I can tell, there is no clear and easy way for Android end-users to "opt out" of sending their access points to Google for storage on the cloud and synchronization to other Android devices the user may own. If this is the case, Google gives the Android device user two choices: do not access public encrypted wireless access points or violate their terms of service by sharing those access keys with Google. The obvious response that I would expect third party public encrypted hotspot owners to adopt is to specifically prohibit subscribers from accessing those APs via Android devices. As noted, my corporate office has a public, protected wireless access point. The idea that every Android device that connects with that access point shares our private corporate access key with Google is pretty unacceptable. The frustrating thing is that this isn't just something I would have to make a policy for visitors, but even our own employees with Android devices should be prohibited from accessing our public Wi-Fi AP. Unfortunately, this includes me.

In a recent blog for TRoL I suggested that our future under the corporate rule of Facebook, Google, and Apple might make the darkest days of the Microsoft Empire look pretty benevolent and progressive -- as more and more information like this is exposed about how Google and Facebook regard personal privacy issues. I think it illustrates that my concern is relatively well founded. This isn't just a trivial concern. The fact that my company can easily lose control of their own proprietary WPA2 encryption keys just by allowing a user with an Android device to use our wireless network is significant. It illustrates a basic lack of understanding on the ethics of dealing with sensitive corporate and personal data on the behalf of the engineers, programmers and leadership at Google. Honestly, if there is any data that shouldn't be harvested, stored and synched automatically between devices, it is encryption keys, passcodes and passwords. It makes you wonder what other information Google might be harvesting and storing to "add value" to your "Google Experience".

Because -- make no mistake about it, that is the spin that Google would put on this "feature". And, it is convenient - especially for the consumer who doesn't know better and would willingly sacrifice their personal privacy for a little convenience that makes them have to think less about their personal technology. That is the thing that I may be the most troubled by. I'd argue that many of the biggest abuses that Redmond was guilty of in cutting corners were achieved with the complicit assistance of the consumers. They willingly traded in reliability and security for convenience. It seems that Google was paying attention to Redmond's playbook in this regard. I doubt many consumers will see the problem with the implications of what is going on here - but it is clear to me, and I'm certain that I don't like it.

What do you think? Is this an innocent, excusable mistake? Is Google a company that only has the best interests of the consumers at heart? Are we making too much out of this, or has Google crossed the boundaries of reasonable behavior? If anyone can confirm or refute the results I've encountered here, I am also interested in hearing your experiences.

For the record, my experience as described was with an Acer Eee Pad Transformer I purchased last night. I haven't confirmed the experience and never noted it before on any of my other Android devices. Is this a Honeycomb "feature"? An Eee Pad feature? If anyone has any additional information, feel free to contribute to the discussion in the forum.

*Update to original post:
As pointed out by several readers including Tech Republic reader danmcgee - you can opt-out of the behavior in Android. It seems that many, if not all Android devices are configured to back up settings by default and the disclosure of what information is backed up varies from device to device and by version of Android.

If the option is available on your device, you will find it in the Settings\Privacy menu. Unchecking "Back Up My Data" will disable this feature. Please note that this is not granular; you either opt-in and back up all of your data including hotspot names and keys, or you opt-out and back up nothing. On my Droid 2, this option simply states, "Back up my data - Back up my settings and other application data". When disabled it brings up a dialog "Backup! Are you sure you want to stop backing up your settings and application data and erase all copies on Google servers". When you hit "OK" there is no further dialog. When you re-enable this option, there are no additional dialogs informing you that your Wi-Fi keys are being backed up. The video below illustrates exactly what I see with my Droid 2:

Related reading:

Read Declan McCullagh: Exclusive: Google's Web mapping can track your phone

About

Donovan Colbert has over 16 years of experience in the IT Industry. He's worked in help-desk, enterprise software support, systems administration and engineering, IT management, and is a regular contributor for TechRepublic. Currently, his profession...

156 comments
Hexxen
Hexxen

I've only just come across this topic so apologies for being a bit late! Does anyone know if Chrome books have a similar default setting that would sync in the same way?

cgdynamic
cgdynamic

What a great Post. Reading this as well as remembering back into the not to distant past regarding the hacking of Sony and all that personal information taken. Really draws a clear picture. How safe is anyone?... Truth be told your password on your computer... Network Key... or just about any other means of digital security can be hacked by a twelve year old and a good Google search. These passwords, keys, etc. are no different then your front door. Sure they offer that warm and tingly feeling of being protected but if some one really wanted to break in, your door or lock on the door is not going to stop them. It is not a Google's job to protect you. They are only around to provide convince and make a fortune by adds they throw at you (My opinion.. To each his own). If you are worried that your information can be come available to outside parties. Then protect yourself. Place your wireless network outside your network infrastructure. Hide your SSD Don't use a generic pass phrase Set your IP's limit to only the devices you own. Get a decent firewall. and monitor your network. This is basic stuff but it should give you readers the idea. Regardless of how much effort you put into keeping yourself private... eventually you too will have a Network key stored on Google servers. LOL... Great article thanks for shedding the light

gunga55
gunga55

This thread is making me ill I think that many of the posters here should have their TR accounts revoked and should go back to AOL dial up on their Mac's

dcolbert
dcolbert

I managed to get my hands on a Droid 1, factory reset the device, and without a Cellular activation, logged into the device using my Google credentials. The log in process required me to access a WiFi connection. This is the portion where I have been accused of possibly "jumping the gun" with my original post. I think that has been exaggerated. I entered the WiFi password and it completed the sync. Once done, not only did it have a list of all WiFi hotspots I have visited, with passwords, but it also synced my default background, a picture of a barn that I took with my Droid 2. That didn't happen when I first set up my ASUS Transformer. Screenshots from the process follow: Droid 1 setup disclaimer #1 - GSP data http://twitpic.com/5folgz Droid 1 setup disclaimer #2 - Back Up data (This is the important one)... http://twitpic.com/5fomaj Droid 1 setup #3 - Google App sync notification: http://twitpic.com/5fomfw Droid 1 sync complete - even my desktop background has been copied to this new phone: http://twitpic.com/5fomrq Droid 1 setup final - Autopopulation of SSIDs and encryption keys without user intervention. http://twitpic.com/5fpiow The disclaimer is there on the Droid 1 - I just don't think the vast majority of Verizon users, at the very least, actually get to see that disclaimer, because a Verizon rep generally sets the phone up for them. Once it is set up, there isn't anything in the Privacy\Back Up My Data settings tab to indicate that WiFi passwords are being backed up to the Google Cloud. I know this much, before this blog was posted, no one was talking about this, and it seems very few people were aware that it was going on. It seems like this helped get the word out there about a potentially very disturbing aspect of the Google cloud backup of Android devices - and that seems like a win for security and privacy, to me.

gsullivan
gsullivan

entia non sunt multiplicanda praeter necessitatem

dcolbert
dcolbert

Top Google Hit for search on "Donovan Colbert Google" The first Tech Republic article that is displayed, the #3 top hit, (for me) at the moment is: "Why the iPad will fail to win significant market share". This article hasn't been on the top first PAGE of a Google Ego search in months. Interesting. Bing is a compeltely different story. On Bing, the same keywords turns the entire first result page into a list of links to this story or other sites that have picked up on this story. On Google, you won't see a link to this story until the *7th* result returned by the search engine. Yahoo also returns lots of hits on this article, but does not rank my article that predicted the iPad would fail to win significant market share above those articles.

draack
draack

These kinds of findings/discussions are the very reasons why I've decided *not* to use my iPad or my smartphone to do *anything* with my finances ... no checking of credit card balances, no paying bills, no looking at my credit union account ... nuthin'! That said, I have one *very* low-limit credit card I use for nook and iTunes purchases, but that's it. If someone hacks that, they don't get much. Or is that naive, too?

essin
essin

I thought the wpa2 key was to encrypt the traffic between the device and the AP. In my network, once the key is activated in the AP, no device can connect without the same key. I don't see how the scenario presented here could ever happen unless the AP was configured wrong or there was another, unsecured AP that was in range so the key was irrelevant. Please tell what I don't understand about AP function.

danfleming
danfleming

I admit it, the first time I discovered my Kindle and my phone syncing to the last page read I thought that was the coolest damn thing ever -- but at the same time I found it down right creepy. This device cloud technology that Google is pioneering at the bleeding edge with many other companies following is moving so fast that consumers are not seeing it. I am a tech savvy very security conscious that works in the IT industry and this very much concerns me. *Everything* should be OPT-IN. Every data-set that has the potential to carry sensitive data should not be "backed-up" by default. My greater concern is that the public at large will not force change until something malicious breaks so companies will continue on their merry way until one of them makes a big enough mistake; and hopefully I won't be caught by it. Thank-you Mr. Colbert for raising a great issue and helping me stay informed.

dcolbert
dcolbert

This should be enough to illustrate that at least MY Android device (The Droid 2) is less than forthcoming about what is being sent up to the cloud. My Droid 2 was set up by a member of my IT support staff that prepares and distributes electronic equipment to the staff at my organization. While that does not excuse that my IT organization should have caught this issue - it also illustrates that the owner/operator of a device may not be the one who actually sets it up. In fact, in many instances, a user will have their Droid activated at the store by their sales agent who will set up everything when the customer buys the phone. This is a common practice with all handsets, but it obviously becomes more important when dealing with a smartphone - so if there are disclaimers during the original configuration of an Android device, it seems very likely that most consumers will never see it.

adon24
adon24

If General Google is in fact storing encryption keys to WiFi LANs what do you suppose would be the real reason behind the guise of enhancing your Google experience? I have long ago suspected that Google is nothing more than an extension of the United States federal government. So the reason is that the government can track us when we are mobile.

vstaryder
vstaryder

Be worried about people like Anonymous or LulzSec (lulzsecurity.com) penetrating the friggin FBI....

plandok
plandok

Because of the security problems associated with wireless networks, I do not use them at home or at work. I reluctantly use them while travelling but make sure to use the best security I can and avoid sensitive work. Many wifi spots do not use WPA or WPA2 (yes, I know it has problems too) but you can sit outside and log on at Starbucks for example - they want you to have them as a "second home". Too many people don't care either about security thinking that no one will be "watching" them because they are "insignificant". How do you know if you are "insignificant"? If so, why would the government require that no agency or individual involved in "spying" on citizens can reveal this is going on? Huh? Do you trust your government any more than a business? Especially when there are "fortunes" or "empires" to be made around "security". Personal ethics or morals go out the window. Just plain old human GREED. I'm not paranoid but... I live next door to a bunch of university students. When I tested my netbook with built-in wireless, there were about 24 networks in "view". A few were open but all the student ones - the Apple ones - were relatively open. (University students are the only people I know who can afford Macs for surfing and word-processing - and for messaging, facebook, google.) With all the publicity constantly bombarding anyone, even non-geeks, you'd think people would be wondering. But I cannot find anyone I know who even understands security unless they work in the area. And, I don't trust the "police" forces of government with all the pressure to produce results or get sent to the beat walk or central registry and mail. Don't care if "they" are innocent - despite everything about legal rights. Watch Conspiracy Theory with Mel Gibson and enjoy. Remember it was out before the Matrix and common personal computers. Watch your own feelings closely during your viewing. Then make your comments on the goodness of humans. Me? I'm sticking with wired networks 'cause it takes a lot more work to tap me. Oh, forgot to get a Tempest keyboard and that my ISP logs all my calls for addresses. I'm doomed too.

vaughanm
vaughanm

So does this mean if a friend comes by with his android and I add him to my secure wlan that anyone with an android can then use my wlan? If so then its serious, I dont want randoms accessing my network

rryness
rryness

This article served as a reminder for me to check my Privacy settings and ensure that "back up my settings" was not enabled. I found it interesting (and somewhat suspect) to discover that the Privacy menu on the Evo4g has been hidden (as of Gingerbread, apparently). In order to access the Privacy settings one must go to Menu > Settings, hit the Search button, search for Privacy, and click the Privacy result. While it does seem a bit shady that the Privacy menu has been concealed in this fashion, I don't know whether the change would be attributed to HTC and the Sense UI or to Google and Gingerbread. Are the Privacy settings on any other devices running Gingerbread (or later) similarly concealed?

richardstl
richardstl

If I am understanding you correctly, you are concerned about someone sniffing your Wi-Fi keys when google restores from their servers. Are you sure this traffic is all plain-text? I am making an assumption that when my gmail is synching to my mobile device, it's using SSL (I haven't really researched that). The next logical assumption would be that my 'backup data' would also be transmitted via SSL. Sorry, I just can't believe an information company like Google would overlook that detail. Has anyone researched this?

Lightning Joe
Lightning Joe

...and maybe that's WHY I am more cautious. At the FIRST HINT of Google's fascination with grabbing everyone's data, years ago, I started using a page called Scroogle (because it is a SCRaper of its data that goes to and comes back from gOOGLE). It strips off any id's attached to your search request, and likewise strips the ads from the results page it send to you. You get back a simple listing, ala the prehistoric google search. Which is what (and is ALL) that I want. If you use Scroogle, remember that it is a private user's project, and needs the occasional donation, to keep his servers current. I keep it on my button bar: http://www.scroogle.org//cgi-bin/scraper.htm

burgerd
burgerd

How does this obvious security issue with the new Acer (and possibly other mfgs) stack up against the IPad 2 and Apple? The school I work for has RUSHED a "provide an iPad for students and faculty program" into reality and I was wondering if Apple provides greater privacy or not. DB

ipblythe
ipblythe

on Settings/Accessibility I have disabled Accessibility and all Kickback, Sound back and Talkback. Am I now safe from google snaffling my login data, although the damage is done already.

keith.davis
keith.davis

Are we creatures of convenience, yeup. The Backup and Restore feature descriptions make it appealing for the user to say sure, why not. But, when you couple Google's global WiFi mapping with this "appealing" feature you have to wonder about this carrot. The ability to backup data as this should be a stand-alone selection in my opinion.

ronan
ronan

Funny thing is....... I???ve got a Samsung Galaxy TAB (WIFI only) from the Google I/O conference. Took it to Europe a few weeks ago, and discovered I had a few problems getting the thing to work properly. I thought it might have been because I thought the device might have some tie with a Verizon MIFI as a service provider. Then a really funny thing started to happen when I couldn???t get the built in clock to auto update with local time, and behold it had connected to 2 WIFI spots that were in reach. I thought initially, ???how convenient??? that the connection to these devices was handled automatically! I was baffled how it got keys. I though that one of them might have been because of a key sharing feature installed on one of the access points, however that device was not configured to share that key without a manual step that means walking up to the access point and pressing a button. But there was no way the second access point can do this. Then I began to think that the device is searching for favourable connection points according to its "preferred" subscriber and having a bit of difficulty completing the task, and it was clamping onto these WIFI spots and getting some sort of partial service. I then tried to browse the LAN on that hot spot to see what I could find, but I was not finding any other devices, however I was convinced at this point that the device was experiencing a significant imminent failure. Within a few more minutes of examining configurations and settings menus and looking for on line solutions to the clock problem the whole thing crashed in a terminal fashion. I'm not saying that the crash is/was anyway related to the WIFI issue, but it did cut short my ability to investigate further. I had been thinking about possible "Bonding/Coupling" to a Verizon mifi service and how in the future roll out of larger hand held products like galaxy Tab/ I pads/ and the new chrome laptop etc, how these devices would be distributed and sold considering that mobile devices like these need to have internet access on the GO and neither are SIM enabled like a smart phone or CDMA enabled devices. While in the US I noticed there seemed to be lots of issues related to the ATT and iphone user experience and thought that a different kind of stimulus is necessary to enable the marketing and proliferation of these devices in the rest of the world by mobile data service providers (telecoms providers), as data service providers will inevitably wish to ensure that their network is used wherever possible. Extending that concept further ???based on the above article??? I got to thinking about how it is widely envisioned and discussed to have ???country-wide??? WIFI hotspots, are we really looking at the possibility that devices such as this are to have the ability to be connected to the internet anywhere without sharing keys ? Or is this a trial of a concept that access is ???out there wirelessly??? and any connection to the cloud will do, and I don???t care how I get to it, no matter who broadcasts it! And the funny thing is; this is the first time any android device was connected to either of these networks, however plenty of apple devices and PC???s had been used to connect to various Google accounts at this location and there are multiple other pieces of hardware networked on these WIFI access points, including; dongles, printers, HD media players, phones, etc etc, so?????? If it even had a valid key? Where did it get these keys from? Is it mimicking something? Is this a coincidental security flaw on WPA2 that is being exploited? I look forward to getting my repaired Tab again so I can investigate further.

donaldgagnon1
donaldgagnon1

Just the simple fact that privacy has spiraled so far out of our control and has prompted thousands of debates like this all over the planet should be sending up a very, very red flag. The endless questions about Facebook, Google and other services and their very questionable data harvesting techniques (and future plans for all that data) has even gotten national governments across the globe wondering if their own data is secure. These are certainly some very murky and uncharted waters we are now all swimming in and it likely will only get worse. By framing most of this stuff as a 'convenience' and 'added value' to users, they have seduced the global community into surrendering vast amounts of private information. My guess is that they do this strictly for financial gain by selling off the info to the marketing agencies, but, the more pressing issue is just how secure all this data really is. Some of the most secure databases on the planet have been easily hacked into, so what makes Facebook or Google or any other databases truly secure?? Therein lies the real danger and what these debates should really be focusing on.

mkalhaj
mkalhaj

I can see that most of the people who have contributed to this article are very computer savvy. I really can't confirm or negate any of this simply because I do not use Google cloud, droid, or cloud computing. You do realize that; technically speaking, cloud environment cannot be encrypted! The ONLY company that has gone through GREAT lengths to SUCCESSFULLY accomplish cloud encryption is Trend-Micro.. And to be able to encrypt you have to use the following solutions: a. Encryption for E-mail Client. b. Encryption for E-mail Gateway. c. Endpoint Encryption. d. Hosted E-mail Encryption. and e. Secure Cloud 1.1. Please do note that I DO NOT WORK FOR OR REPRESENT Trend-Micro. I simply did truck loads of research for building our corporate cloud. Please also note that all these solutions could probably be hacked, regardless of what Trend-Micro says about this!! And most importantly; ALL THIS SECURITY IS DESIGNED FOR PRIVATE CLOUDS.. I am almost certain that "Public" clouds are nowhere near this level of security. People of the Net; you do understand that the cloud or mesh or whatever other names it goes by actually (eventually) has your "encrypted" data stored on some server in some data center somewhere in the world, or don't you? You really think whomever runs the joint there does not have FULL access to the data stored on those physical servers? Please do some self-education on terms such as RAID, RAIN, Data Backup, and Data Reconstruction and the differences between them. And while all the geniuses who created cloud computing will say that they have no way of viewing your information; I will simply never believe it! How do devices gain access to an existing network without your authorization? They are programmed to do so in a way that they "ride" the existing network for Admin purposes only.. In lamer terms; have you ever wondered how your Windows OS CAN manage to activate itself upon installation even if you do not provide it with any access codes to the existing network? You won't be able to BROWSE the net until you provide the network codes, but Windows will activate without them!! Another fine example of "riding" the network is a software by a company called iPass.. iPass is a small software client that you can install on almost any OS or device (even Symbian). Then you buy a subscription from iPass which will enable you to connect to the net using a single Username and Password provided by iPass at over " a reported" 100,000 public hotspots around the globe WITHOUT having to know the network credentials of those hotspots ever. And this is all done legally and on the up-and-up!! iPass will charge you and then do reconciliation with the ISP which owns that hotspot and pay them for your usage of their network and simply profit from the difference. DO NOTICE HOWEVER; that the iPass application WILL "ride" the network in order to authenticate your username and password WITHOUT THE NETWORK CODES of that hotspot and BEFORE you can BROWSE the internet!! Now, since all I really have on my computers, laptops, iPhone, and Symbian devices basically consists of games, music, a lot of porn, some family photos, dumb e-mails and Sun Tzu's Art of War; I really don't give a hoot who can hack-in, as long as they don't delete any of it (especially the porn). In anybody else's case; if you do not want your data hacked and you want your privacy maintained; DO NOT USE CLOUD! In fact; do not use the same computer to store your sensitive private information (like your bank details or the home-made bondage video involving your wife's sister) and to access the internet (or any other network) at the same time. THIS IS CALLED A STAND-ALONE COMPUTER!!! The ONLY things you can attached to it are your mouse, keyboard and monitor! You can then install periodic updates for the OS and other applications by downloading the "Re-Distributable" installation files for these updates using your net-enabled device, and then transferring them to your stand-alone via CD or USB memory drive. And before anyone starts making any accusations or gets enraged by part or all of the above.. Please understand that I DO NOT HAVE PROOF of any of the above.. I ONLY have enough concerns to make me not want to use cloud computing! Cheers!

skris88
skris88

On my 2.2 device it's an opt-in feature. It may be that with the EEE tablet Asus decided knowingly or accidentally to make it a default. Either way it's good to know such settings need to be checked on any and all Android devices. Hopefully Google will come to their senses and require all manufacturers to ensure that manual opt-in is the default. But with Android being open-source I don't see how Google can enforce that - it's up to the consumers to (hopefully!) shun manufacturers who wish to risk our security with some lazy user-friendliness!

konrad
konrad

The real fun is that they probably also have the GPS coordinates to those access points. Now that's what I call convenient service!

gunga55
gunga55

google does keep a list of hot spots and when ever you are in a location it auto loads for the convience of the user. Its not a hidden fact and can be easily shut off. It is great when one moves around alot

extremedonkey
extremedonkey

Okay, to start off with: this article is just plain wrong and exemplary of bad journalism. Wi-Fi SSID/password sync/backup has been on Android for a very long time (I'd guess about Android 1.6). Secondly, the option to "back up" your wifi details is one of the first things that you have the option to do when you set up a phone. From memory it's the last screen just before you finish setting up your phone. It spells it out in plain writing. So unless you are a moron, you didn't bother actually reading what options you were setting and just blindly ticked the box. The accounts are backed up to your Google account, so Donovan was obviously using the same Google account on his tablet that had on his phone. Thirdly, how is this a security hole? It's a user-opted, back up of wireless passwords in a secure manner. If YOU have access to the access point on your phone with YOUR google account, then you would have access via your tablet. I have several Android phones (for dev, tinkering, and old ones), and this feature plus the other sync backup features are invaluable in me setting up a new phone or phone flashed with new firmware. It seems that everyone is so eager to jump on the Android "insecure" FUD bandwagon that they aren't even fact-checking simple things that even a random Android user like myself knows, before jumping to Google PR. Check your facts, or stop posting false journalism!

tesseract7
tesseract7

Yes, it is 2011 now, but Google must still think it is 1984, AND that all the security issues there are these days DON'T EXIST, like they didn't in 1984. WAKE UP, GOOGLE!! Or there will be another class action lawsuit heading your way...

twadhawan
twadhawan

Well Indeed I fully agree with the use of public disclaimers and much awareness at user level but at the same time it will be interesting to analyze google's privacy policy in regard to this data stored on their servers. As much I support the convinience and adaptability but security and data privacy is equally critical.

tony
tony

I don't see the issue here. You have configured your devices to sync with the cloud - what's the problem? Turn off the cloud and you are good. This is the choice you make when you accept cloud services. Live with it...

info
info

It must be a fairly new/updated google feature as on my Dell Streak i have the backup feature ticked (under Privacy) but i know that it doesnt copy over the WiFi key for my network as i have had to enter it each time i have re-installed the device from scratch. It also makes no reference to WiFi keys in this section and just seems to imply that it backs up application settings and data. It is running on 2.2.2

ChristianMMott
ChristianMMott

I have the Acer Iconia A500. Nice tablet by the way. I used my Google account that has been backed up to the "Cloud". No AP's were automaticly connected. I am thinking of running a restore and seeing what happens after that. And to Google,....WE WANT MORE TABLET APPS!!!

dcolbert
dcolbert

Can the average IT professional really be effective at this against the talents and skills out there trying to compromise their defenses? I mean, show of hands - how many IT professionals feel 100% secure they're ready to take on any threat that comes their way? Who wants to go and challenge Lulzsec to compromise their systems, personal or professional? For the record... I don't... I see some people out there calling groups like these script kiddies. I've got far more respect for the capabilities of Lulzsec and Anonymous than to do that. And if IT professionals feel this way, (and I bet a lot more of us DO feel this way than will be willing to admit to it, here) - then what hope is there for the average consumer? The only thing they've got going for them is safety in numbers, something that Chad Perrin repeatedly assures me is no safety at all. It seems to me that the bottom 98% of the technology using public, professional or consumer - is beholden to the top 2% of black-hat hackers. I think that is the pink elephant in the room with this discussion.

dcolbert
dcolbert

Such strong opinion without any examples to substantiate the reason you feel this way. Puny thread make Hulk angry?!? I mean, give me something to work with. What about this thread is making you hold TR readers, posters, maybe content contributors, in such low regard?

dcolbert
dcolbert

It begins to limit the scope of what it is reasonably SAFE to do with a personal digital device - not because the device is not capable of doing it, but because you can't trust the systems and subsystems on which the device is BUILT. I have a basic faith in the PC - the open-endedness of the device. The very ability to easily put Linux or Windows, various versions, even Mac OS X, or FreeBSD or other *nix on this device, without lots of hassle, speak to the openess of the design - and my ability to get right down there between the hardware and the OS and have a pretty good idea of what is going on. I realized my iPad and my Android tablets - they're largely black holes. I'm locked into what is on them unless I *really* learn how to seriously hack the platform. Otherwise I may be able to do some things beyond the limits of the average user, but I'm relying on the expert skills of OTHER people to make those opportunities available to me. The fundamental difference between my Eee PC 701 and my Eee Pad Transformer TF101? The Eee PC 701 came with a Linux on it. I had Win 95 on it, I had Ubuntu 9.x on it, I had JoliOS on it, right now it has Chrome OS - making it a true ChromeBook. The Eee Pad... has Android Honeycomb on it, and barring official updates from Google *through* ASUS, that is how it is liable to remain. Sure, someone may figure out how to hack iOS on it, or other mobile OS platform - but it'll always be a process fraught with risk and involving a lot of people with huge levels of knowledge doing things on the back end to make that happen. It is fundamentally different, and less trustworthy that traditional computing models. Which is the ONLY reason I'm hanging on to my Lenovo S10.

dcolbert
dcolbert

I don't understand your question. A WPA2 key does encrypt the traffic between the device and the AP. Furthermore, it is required to authenticate the device on the AP to access the network. The problem is - on your network, my Android device sends your WPA2 key to Google's servers in the cloud. But all I have to do is log in using the same Google account on another Android device, and that device downloads your WPA2 key to it. I can then come back and connect to your network on this device that you haven't authorized. The AP configuration or another unsecured AP are in no way necessary to do this. Furthermore, anyone who gets access to my account or to the information backed up on Google's servers (A hacker, a Google employee, the federal Government, China) now has access to YOUR WPA2 key that was uploaded to Google's servers by MY Android device. And YOU probably don't even realize that when you allowed my Android device on your network, your WPA2 key was sent outside of the organization to be stored on Google's servers. I've now compromised your network WPA2 security - and you don't know it, and I probably don't know it, either. When you read that Google's servers were hacked, and shortly thereafter discover that your DNS server is hosting a rogue SMTP server sending out boatloads of spam daily and getting your IP Address banned - you'll eventually start to put the pieces together. By then, the damage will be done.

dcolbert
dcolbert

Them penetrating google.com's servers where every Android user's WiFi access points and keys are stored? Match that with a Google Account and password... and you've got the beginnings of instant identity theft on an unprecedented scale. "I'm you, and I'm you on YOUR netowork, reading YOUR e-mail". What... me worry?!?

dcolbert
dcolbert

If you add a friend's Android device to your secure WLAN, and he has it set to sync all info to Google by default (which he probably does), then your WLAN Access Point name and secure key are sent to and stored on Google's servers. Thereafter - there are lots of potential scenarios. Say Google gets hacked by Luzsec and they get your friend's account. Now all they have to do is log in with an Android device near your wifi using your friend's account, and they've got access to your WiFi network. Or say the Government is investigating you because they think you were taking part in an Anonymous hack against Sony. Instead of hacking their way into your network, all they have to do is subpeona Google for access to your friend's acccount, get your keys, and now they can get on and monitor you and your wifi network, without you having any clue you're being investigated. We'll assume they had to get a warrant, but in today's environment, that isn't necessarily a safe assumption. But just because you let you friend with an Android connect to your WLAN doesn't mean that everyone with an Android then automatically has access to your WLAN. There is some work involved in compromising your security.

mkalhaj
mkalhaj

Now since I do not use droid or cloud.. I really don't know the answer to your question for certain, but; Google will store the keys that you use to log into networks using your username and password, and will only sync the devices you use (or anybody else uses) to access your account using the same username and password. Simply giving a friend who came over for a drink your network credentials will not sync them to your google account UNLESS you or they use THEIR device to access your account. Two more things to note though.. First; giving anyone your wifi password means that they can store it and possibly give it to other people, they will have complete access to your files and printers and other devices, AND they can probably use your network when your not home and without your knowing simply by showing up at your door-step or simply living next door to you!! This is because the radius of coverage of your router or hotspot has an average of about 30-50 ft. for a good signal. The second and MUCH MORE important thing is that you must NEVER use anybody elses devices to access your google cloud account (or any other cloud account) because that device WILL SYNC all the "known" access points which google cloud already has saved. Remember computers and software applications are anything but SMART!! If you log in to your cloud account with the correct username and password; the DUMB application might simply sync WITHOUT asking you (in a little pop up window): Would you like to sync your new device? Simple really: Try not to use other people's devices, and don't let them use any of yours to get online. Try to periodically change the credentials of your wifi network (Once a month should do) Cheers!

dcolbert
dcolbert

And the fact is that it *isn't* disclosed on the machine, and I'm not certain it is disclosed on Google's online documentation linked to in this thread. Is there any language that says, "All data backed up to Goolge if this option is selected on your Android phone is transferred encrypted with a 256 bit encryption algorithm over an SSL connection... blah blah blah"? When you see the option on your phone, which is buried in "settings", in "privacy", the language varies by release of Android, and *never* says anything remotely like this about just HOW the data is sent up and pulled down. But what about Google getting hacked? Countless Android users out there, as illustrated by the response to this thread, did not know that their device had automatically opted-in to back up their WPAx keys and hotspots to Google servers. This is a *problem*. I don't see how we can shift the responsibility to the device user *or* trivialize the impact by focusing on just one potential way that this could be exploited. If you're pulling my personal encryption keys of ANY kind off my device to store on your server, for convenience of for any other reason, it should be OPT-IN not OPT-OUT, and there should be flashing neon lights and huge dire warnings and full disclosure of the risks with a couple of "Really... this isn't a great idea, are you still SURE you want to do this? Y/N" chicken switches.

dcolbert
dcolbert

That the guy running Scroogle isn't Scroogling you? I mean, hasn't it been released that OperaTor basically an initative of the DoD or some other Government TLO - supposedly to help people communicate and surf securely in oppressive regimes - but with the catch that if you're going through a government controlled OperaTor node, it actually makes it EASIER for them to collect data about you? There is a rub, there too: The paranoid tin-foil hat types who distrust everything are more likely to use solutions like this, like Opera Tor, like chained anonymous proxies. But the fact is that this ISOLATES them into a much smaller group that is much easier to identify as holding some subversive ideals and philosophies and to observe. So it becomes easier to target them with apps that promise to PROTECT them while doing exactly the opposite. Quite a catch-22 there, isn't it? I mean... who has a RFID wallet and uses PGP keys to encrypt their e-mail and has a professional enterprise firewall on their home network? Not your average guy next door. It might be someone who isn't interesting at all - but it might be someone who is very interesting indeed, and in any case, there are so few of them it isn't that much trouble to check them out, maybe. You can't check EVERYONE out, but you can get the people who you want to check out to give themselves up. That is one of my concerns about Linux and Linux security and where I constantly run afoul of Chad Perrin in my warped definition of just what "security through obscurity" means in practical applciations. The minute you start using Linux and talking about security, if you haven't been flagged as some kind of "personal of potential interest", I think you're probably headed DOWN that road. I suppose it depends on what you've been checking out of the public library. (*adjusting my tin foil hat*)

dcolbert
dcolbert

I think there is a lot of speculation right now, and I'm as guilty as the next guy of that - but it is hard to get a straight answer, and I'm just a 3rd tier contibuting writer - so I don't have a lot of clout for getting a response from the PR groups from large organizations. But here is my initial thought, which I will probably expand on in a later blog. These devices are *appliances* more than PCs. Call them personal/portable digital devices or whatever else you want, but they're fundamentally different than a traditional PC. There is a certain analogy to a regular grocery-getter passenger car. The analogy extends further in that a modern grocery-getter has become insanely difficult for a DIY mechanic to work on. The end-user of a modern passenger car has very little insight into what is going on with his or her vehicle. They opted into this for convenience, reliability and because it is what the manufacturers build for them that the market will deal with. Make my car go 100,000 miles between tune-ups, but make sure that I *have* to take it into a mechanic with the latest equipment and the most well trained staff if I want to have it repaired correctly. No longer can I have my buddy Bill the self-taught mechanic come over and jack it up in the garage and repair it over a weekend. This is the model we're seeing consumers moved towards for computing devices. And I think Droid, IPad, WebOS, ChromeOS or other platform, we're going to see that this is mostly the direction for consumer digital devices. Is this coming across? Basically, I don't think you can have the same level of trust with these kind of devices that you can with a traditional PC installed with Windows, OS X or Linux. But the catch is most people don't *know* how to do what is required with a traditional PC to get this kind of benefit. Instead, they struggle with maintaining these devices. They slow down, they get infections and malware, they crash. They'll give up their privacy to have a system or platform where they are absolved of the responsibility. I think you're picking your poison when you chose between Apple's abuses of consumer privacy and Google's abuses of consumer privacy.

Muttz
Muttz

I have the original Galaxy Tab 3G on Bell in Canada. So far, no wifi keys have been stored. I also have a Coby Kyros and a Witstech A81E. Those two have been flashed with custom roms many times and I have always had to retype my wifi key. Maybe it depends on carrier and country? Good discussion. I had better be good. Between my iPhone and my Android Tabs, i have nowhere to hide!

JCitizen
JCitizen

has a political action arm, that has recently lobbied for change in the last law that was past just not long ago. I got a letter on it last week, but don't have the details. It did address some of the issues put out here; and Facebook was mentioned as one of the targets of the new regulations. Just how well they will be enforced and understood is another matter.

dcolbert
dcolbert

If Android were a closed source, completely proprietary OS, Google would have much more ability to control the terms and conditions under which the OS could be included on a vendor's hardware - and this could arguably result in a more secure and logical configuration by default on all machines bundled with the Android OS. But because Android is FOSS based - it is much more difficult for Google to control this - and that is liable to have long term implications on the perception of security associated with Android (and possibly other Google platforms). Ironic.

santeewelding
santeewelding

"False" and "wrong" -- these are all you have in your armamentarium? You are impoverished.

dcolbert
dcolbert

I went to great lengths in the original article to express that I was not completely certain. I used language that expressed this (expressed it far more clearly and transparently than Google disclosed and expressed their policy of backing up data including WiFi keys to the cloud). Here is a direct quote from the article. Notice the phrase, "As far as I can tell"... As far as I can tell, there is no clear and easy way for Android end-users to ???opt out??? of sending their access points to Google for storage on the cloud and synchronization to other Android devices Here is another example: If this is the case, Google gives the Android device user two choices... Key words that time, "if this is the case"... Perhaps you didn't bother to read the entire article before you responded in righteous indignation, because I summarize by saying, If anyone can confirm or refute the results I???ve encountered here, I am also interested in hearing your experiences. Doesn't that translate more or less into, "I'm not certain that I understand what I'm seeing here, if anyone has more information, please feel free to CORRECT me if I am WRONG". I think it does. That doesn't seem like *FUD* to me. And if that wasn't enough, I recap the experience again, one final time, and FINISH with: If anyone has any additional information, feel free to contribute to the discussion in the forum. Attacking my credibility several times in strong and certain terms when you're this far off base and easily refuted makes me wonder if it isn't YOU who should be checking your facts carefully before writing responses. You also didn't read any of the forum posts - where your point has already been made and discussed, with the clear conclusion among MOST IT professionals responding here that it still isn't suitable as implemented by Google, handset manufacturers or the Wireless Telcos on Android devices - from a sound security practices perspective. But you did do the righteous indignation bit very well.

Get-Smart
Get-Smart

This "option" is enabled by default - there is no "set up a phone" procedure that's done by the consumer. The Privacy option buried in settings on my phone reads "Back up my settings and other application data". It says nothing about network keys or encrypted WiFi data. The only mention about it pushing data to the Google servers [i]is when you turn it off[/i]. It is non-obvious. This article alerted me to (yet another) careless setting that Google uses to collect data, so this makes it a valuable article. So if somebody planted drugs on you without you knowing, told you "you shouldn't go through a security checkpoint", and you did anyway, would you be satisfied that you received your just punishment when you got caught with drugs on you? After all, it was your fault because the information was disclosed to you. Same logic. If you want to give up your information, that's your choice, it's not mine. I choose to keep my private data private. Compromising that principle should be a voluntary and conscious decision, not one made for me by default.

dcolbert
dcolbert

Here is the deal - I'm certain of it. I've got a Droid 2, and it is set up to back up the phone data to the cloud. When I activated the Eee Pad and entered my Google information, it synced everything down, including downloading whatever apps it could. That is when it dumped the APs and keys down to the Eee Pad, I'm pretty certain we've worked that out in the conversation. So provided two things (1 - you have a device that is set to backup to the cloud that has accessed encrypted APs) (2 - you start a new device that downloads your settings backed up to the cloud) You're going to see my results.