No smartphone’s security is absolutely failproof, but if you want your smartphone to be secure, buy an iPhone over an Android device. 99% of all Android devices are easily attacked, and it all has to do with Android’s notorious fragmentation problems when compared with iOS.
A team of researchers over at the University of Ulm in Germany have discovered that any Android phone running version 2.3.3 or lower is vulnerable to attacks due to bad ClientLogin authentication protocols.
On layman’s terms, what that means is every time an Android user signs into a service that uses that protocol, like Twitter, Google or Facebook, the authToken information is stored for 14 days, and easily accessible to anyone who knows how to go about stealing it.
The result? Total strangers you’re sharing an unsecured WiFi network with at Starbucks or the like can log into these services as you, as long as they’re savvy enough to do so.
These sorts of vulnerabilities tend to pop up from time to time on all smartphones. Under iOS, it would be quickly patched, and that patch would be pushed out immediately to all devices capable of running the update.
In Android, though, because the carriers and handset manufacturers — not Google — dictate when an update comes out, the security hole is still wide open in 99% of phones… even though Google released a Android 2.3.4 weeks ago to plug it.
Just another reminder that fragmentation is more than just a buzz word. Android’s problems with fragmentation could literally be responsible for someone stealing your identity.
- Via Gizmodo