Only 99.7%?

Great. There’s apparently a major security flaw in Android phones:

“The reality is, you’re carrying around a desktop computer in your pocket — but there’s no security like there is on computers,” explained Dave Aitel, president of security firm Immunity Inc. and a former computer scientist for the National Security Agency.

And no smartphone comes with antivirus software, experts noted.

Android-based smartphones use security tokens to grant access to only certain bits of information on the phone, Aitel explained, such as the Calendar or Google Reader. The token for Gmail is encrypted; all other tokens are unencrypted, he said — and they’re incredibly easy to steal.

“The tokens are essentially keys that only unlock part of the house,” Aitel told FoxNews.com. And because they’re passed to Google servers unencrypted, a cybersnoop could easily swipe one while a consumer is surfing the web in Starbucks.

My biggest concern about my Droid is the fact that it backs up to the cloud, and doesn’t offer a way to store data locally, as I did with my Palm device and Palm desktop. Google’s going to have to make a major effort to straighten this out, with Verizon and others.

[Update a few minutes later]

Apparently, they’ve already fixed this particular problem on the server side, but I suspect this will be an ongoing issue.

6 thoughts on “Only 99.7%?”

  1. My Windows Mobile 7 smart phone is the same way – rather than sync your Outlook mail, contacts & calendar to your desktop/laptop computer, you are forced to sync to a Windows Live account which stores all that sensitive data on an Internet server. I’ve no idea how secure the setup is.

    I won’t be buying another Windows phone, and maybe not another smart phone at all. Might have to go back to that little black book.

  2. Rand, there’s a bunch of Android apps that do all sorts of local file management and backup. I use the Astro file manager and “SMS Backup&Restore” as the name implies.

  3. I have the HTC Inspire, and both it and the Samsung Galaxy my wife briefly tried have contact import/export features. For your contacts, what else would you need?

    As far as Calendar and Gmail, well, they were already in the cloud so the lack, if any, of an external backup isn’t specific to Android.

    I’m not addressing the security issue, btw.

  4. Rand, this is already fixed in the latest OS version. The culprits here are the carriers who refuse to update the phones. The OS is up to version 2.3.4 but there are still phones running version 1.6. That isn’t Google’s fault.

  5. I’ve concluded that this is another misleading headline from the lame-stream media. The phone itself is nearly as secure as a computer can be without being a totally locked down appliance. But apparently certain standard apps are exchanging potentially sensitive data in the clear, making it vulnerable to network sniffing.
