Google fixing Android flaw that could leak personal data.
Posted: Fri May 20, 2011 11:51 am
Google fixing Android flaw that could have leaked personal data from millions of phones
Google is in the process of updating its Android operating system to fix an issue that is believed to have left millions of
smartphones and tablets vulnerable to personal data leaks.
"We recently started rolling out a fix which addresses a potential security flaw that could, under
certain circumstances, allow a third party access to data available in calendar and contacts," a Google spokesman said in a statement. "This fix requires no action from users and will roll out globally over the next few days."
The fix is being issued for every version of Android released and began updating devices Wednesday, according to a person
familiar with the software update who spoke on the condition of anonymity because of their relationship with Google.
The Mountain View tech giant hasn't found any instances of hackers taking advantage of the flaw to steal a user's
personal data, the person said, adding that Google hadn't known of the potential for such an exploitation until Germany's University of Ulm issued a report on the security hole.
"The implications of this vulnerability reach from disclosure to loss of personal information for the Calendar data," Ulm researchers Bastian Könings, Jens Nickels and Florian Schaub wrote in their report.
"For Contact information, private information of others is also affected, potentially including phone numbers, home addresses and email addresses."
The flaw affected 99.7% of all Android smartphones and was not limited to Google Calendar and contacts, "but is theoretically feasible with all Google services