Google rolls out fix for Android security flaw

Calendar and contacts exploits already addressed, as patch due in "next few days"

An automatic fix for a serious security issue in the Android OS has begun to roll out for smartphones, as Google tries to assure users that no action is needed on their part.

"Today we're starting to roll out a fix which addresses a potential security flaw that could, under certain circumstances, allow a third party access to data available in calendar and contacts," said Google in a statement. "This fix requires no action from users and will roll out globally over the next few days."

The flaw was identified by a research team at Ulm University in Germany and affects 99.7 per cent of smartphone users with Android. The flaw potentially allows hackers access to the calendar, contacts information, and private web albums.

The calendar and contacts exploits were fixed on the same day as they were reported, with the forthcoming patch addressing the other issues.

The university team has stressed that the flaw does not involve any database of information, as with the recent PlayStation Network security scandal, and so far there have been no reports of problems from users.

"We wanted to know if it is really possible to launch an impersonation attack against Google services and started our own analysis," said researchers Bastian Könings and Jens Nickels.

"The short answer is: Yes, it is possible, and it is quite easy to do so. Further, the attack is not limited to Google Calendar and Contacts, but is theoretically feasible with all Google services using the ClientLogin authentication protocol for access to its data APIs."

The team also discovered that some Android applications transmit unencrypted data.

Related stories

Noah Falstein leaves Google, says he's "not ready to give up making games"

Internet giant's chief game designer departs after opportuninty to develop new titles "fails to materialise"

By James Batchelor

"Don't rely on being featured by app stores"

Google's Matteo Vallone encourages mobile devs to find other channels to new audiences and trust in the quality of their games

By James Batchelor

Latest comments

Sign in to contribute

Need an account? Register now.