99.7% Of Android Handsets Are Vulnerable To Hacking, While iPhone Remains Secure

99.7% Of Android Handsets Are Vulnerable To Hacking, While iPhone Remains Secure

No smartphone’s security is absolutely failproof, but if you want your smartphone to be secure, buy an iPhone over an Android device. 99% of all Android devices are easily attacked, and it all has to do with Android’s notorious fragmentation problems when compared with iOS.

A team of researchers over at the University of Ulm in Germany have discovered that any Android phone running version 2.3.3 or lower is vulnerable to attacks due to bad ClientLogin authentication protocols.

On layman’s terms, what that means is every time an Android user signs into a service that uses that protocol, like Twitter, Google or Facebook, the authToken information is stored for 14 days, and easily accessible to anyone who knows how to go about stealing it.

The result? Total strangers you’re sharing an unsecured WiFi network with at Starbucks or the like can log into these services as you, as long as they’re savvy enough to do so.

These sorts of vulnerabilities tend to pop up from time to time on all smartphones. Under iOS, it would be quickly patched, and that patch would be pushed out immediately to all devices capable of running the update.

In Android, though, because the carriers and handset manufacturers — not Google — dictate when an update comes out, the security hole is still wide open in 99% of phones… even though Google released a Android 2.3.4 weeks ago to plug it.

Just another reminder that fragmentation is more than just a buzz word. Android’s problems with fragmentation could literally be responsible for someone stealing your identity.

[via Gizmodo]

  • bplano

     Nice post. However, I don’t think the iPhone is completely “secure” by any means, and those “patches” can take a long time to push out (and there’s no wireless sync for iOS itself, so if it was an OS issue, people might not download the fix anyway).

    It’s true that fragmentation is a huge problem with Android, and you make some great points about it’s flaws. But that also gives it flexibility that iOS doesn’t have. 

  • @rtigs

    Yes it gives most droid devices the flexibility of allowing anyone to access and use your private information.  But hey, you wanted an “open platform” and you got it.

  • cyberb0b

     So my Nexus S 4G with 2.3.4 should be good then. Another reason to go “pure”… Or iOS. :-) 

  • cyberb0b

     I don’t think the flexibility to customize your home screen, which seems to be a large percentage of the reason most people select Android is not worth loosing your personal data over. Even any other compelling arguments for using Android doesn’t trump it’s major security issues. 

  • Drstein

     What about the PDF vulnerability of iOS? There was a big error related t oopening PDFs with any iOS device. This was “quickly” (i.e 2 months later) solved by apple in patch 4.0.1…however, the patch only applies to iphone 3 and above. Since then iPhone 2 can be easily hacked. Moreover, it seems that apple will do nothing against it…since none of the future patches can be applied

  • Nutz320

     The flexibility and “open” argument is bullshit, now that Google isn’t even releasing the source code. What they are basically saying then, is that they can ‘root’ the phone. Which we can do with our iPhones too. It’s called jailbreaking…

  • chibiaion chan

    why is everyone running around the circle of security threats? First my ps3 and then this, hackers give me a break. mobile companies give me security. buyaionaccounts

  • Mark Aaron

    My Android Epic 4G is freaking awesome.  Just get Lookout Security and be smart about your usage.   :D I love having Flash on it. LOVE IT!

  • Omar Echevarria

    This would only convince someone who doesn,t have his android protected and chances are if he doesn’t he wouldn’t even know how to find this page

  • Omar Echevarria

    This would only convince someone who doesn,t have his android protected and chances are if he doesn’t he wouldn’t even know how to find this page

About the author

John BrownleeJohn Brownlee is a Contributing Editor. He has also written for Wired, Playboy, Boing Boing, Popular Mechanics, VentureBeat, and Gizmodo. He lives in Boston with his wife and two parakeets. You can follow him here on Twitter.

(sorry, you need Javascript to see this e-mail address)| Read more posts by .

Posted in News | Tagged: , , , , |