Sections

Google rolls out fix for Android security flaw

Calendar and contacts exploits already addressed, as patch due in "next few days"

An automatic fix for a serious security issue in the Android OS has begun to roll out for smartphones, as Google tries to assure users that no action is needed on their part.

"Today we're starting to roll out a fix which addresses a potential security flaw that could, under certain circumstances, allow a third party access to data available in calendar and contacts," said Google in a statement. "This fix requires no action from users and will roll out globally over the next few days."

The flaw was identified by a research team at Ulm University in Germany and affects 99.7 per cent of smartphone users with Android. The flaw potentially allows hackers access to the calendar, contacts information, and private web albums.

The calendar and contacts exploits were fixed on the same day as they were reported, with the forthcoming patch addressing the other issues.

The university team has stressed that the flaw does not involve any database of information, as with the recent PlayStation Network security scandal, and so far there have been no reports of problems from users.

"We wanted to know if it is really possible to launch an impersonation attack against Google services and started our own analysis," said researchers Bastian Könings and Jens Nickels.

"The short answer is: Yes, it is possible, and it is quite easy to do so. Further, the attack is not limited to Google Calendar and Contacts, but is theoretically feasible with all Google services using the ClientLogin authentication protocol for access to its data APIs."

The team also discovered that some Android applications transmit unencrypted data.

Related stories

Google Play opens up Early Access

Developers can now nominate their games to be included in early funding program

By Brendan Sinclair

Google Play is adding an Early Access section

Curated storefront will be the most visible part of a push to make open betas more visible to the public

By Matthew Handrahan

Latest comments

Sign in to contribute

Need an account? Register now.